Security News

A recently discovered Mac malware has been used by unknown threat actors to target software developers who use Apple's Xcode integrated development environment. SentinelOne learned about the malware from an anonymous researcher, but the company also spotted XcodeSpy in the wild in late 2020 at an organization in the United States.

IBM announced a series of new and updated capabilities for developers designed to deliver intelligent application analysis throughout the DevOps pipeline, generally available on March 19. To help clients unlock the value of DevOps across the enterprise, and help reduce risk around application modernization, IBM is announcing new IBM Wazi Analyze capabilities to help bring IBM Z into the DevOps pipeline, unlocking uniform, enterprise-wide agile delivery processes and standards with transferable skills for non-Z developers.

Accurics launched a channel program designed for partners who share a developer-first approach to cloud security, in tune with the era of Infrastructure as Code. As new cloud native technologies accelerate innovation, bringing both benefits and risk, the Accurics channel program empowers partner organizations to help clients codify security throughout the development lifecycle, facilitating self-healing cloud native infrastructure and ensuring end-to-end security in all cloud applications.

An official version of the popular 7-zip archiving program has been released for Linux for the first time. Linux already had support for the 7-zip archive file format through a POSIX port called p7zip but it was maintained by a different developer.

Boston-based developer security firm Snyk on Wednesday announced that it has raised $300 million in a Series E funding round that values the company at $4.7 billion. Snyk became a cybersecurity unicorn in January 2020, when it announced raising $150 million in Series C financing.

The Open Security & Safety Alliance announced two important developments as part of its mission to pave the road towards trustworthy and innovative security and safety solutions. First, a new specification is now available to members that focuses on camera cyber security measures.

Checkmarx announced the launch of KICS, an open source static analysis solution that enables developers to write more secure infrastructure as code. KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before reaching production.

Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software. Google will sponsor a pair of developers to work full-time on bolstering the security of Linux.

Index Engines released an API-based developer's kit to support the integration of CyberSense software's analytics and reporting into third-party backup and storage platforms. CyberSense can directly index files in backup images, including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault without the need to rehydrate the data.

Microsoft president Brad Smith said the software giant's analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers. Speaking on US news magazine program 60 Minutes, Smith labelled the attack "The largest and most sophisticated attack the world has ever seen."