Security News

Sangoma disclosed a data breach after files were stolen during a recent Conti ransomware attack and published online. Yesterday, the Conti ransomware gang published over 26 GB of data on their ransomware data leak site that was stolen from Sangoma during the recent cyberattack.

The next time you try to download an app from the App Store onto your iPhone or iPad, you may notice a new App Privacy section that seeks to clue you in on certain details. With the release of iOS/iPadOS 14.3 this past Monday, any new or updated app must include a privacy label, otherwise it won't be allowed on the App Store.

When speed is everything, developers are often reluctant to prioritize security - so how do you make DevSecOps stick with developers? Developers are the key to DevSecOps success and as a result, their approach to security must be consistent.

A new survey of the free and open-source software community conducted by the Linux Foundation suggests that contributors spend less than 3% of their time on security issues and have little desire to increase this. A report based on the answers of nearly 1,200 FOSS contributors carried out by the Linux Foundation and Laboratory for Innovation Science at Harvard highlighted a "Clear need" for developers to dedicate more time to the security of FOSS projects as businesses and economies become increasingly reliant on open-source software.

Spamhaus Technology releases its Intelligence API. This is the first time Spamhaus has released its extensive threat intelligence via API, providing enriched data relating to IP addresses exhibiting compromised behaviour. Available free of charge, developers can readily access enhanced data that catalogues IP addresses compromised by malware, worms, Trojan infections, devices controlled by botnets, and third party exploits, such as open proxies.

The problem is, developers haven't had the most inspiring introduction to security training over the years, and anything that can be done to make their experience more engaging, productive, and fun is going to be a powerful motivator in helping them gain valuable secure coding skills. In a blog post from November 28, 2019, security research group Wisdom reported on a security bug they discovered on GitHub.

Scorecards provides an assessment of open-source packages, which developers can use to judge whether they are safe to introduce into their projects or systems. Introducing unknown code into a software can be risky, which is why Google is introducing a new scorecard system to help developers assess the risk of open-source dependencies before introducing them to their systems.

Ubiq Security announced the launch of its API-based encryption platform for developers. Ubiq has eliminated the traditional complexities of encryption, allowing developers and information security teams - even those without encryption or cryptography expertise - to integrate data encryption directly into applications in minutes, with nothing more than a few lines of code and two API calls.

DataStax announced that enterprises and developers now have the freedom to run any Apache Cassandra workload, anywhere, at global-scale with DataStax Astra on Amazon Web Services, Google Cloud Platform, and Microsoft Azure. Delivering on the mission to connect every developer in the world to the power of Cassandra with the freedom to run their data in any cloud or on any device, DataStax extends the availability of Astra on major cloud platforms.

Okta further extended its Okta Devices Platform Service capabilities to developers through the Okta Devices SDK. Using the Okta Devices SDK, developers can enable passwordless authentication through branded push notifications with biometric capabilities, minimizing friction for end-users and increasing security posture. "This dynamic landscape has placed an extra emphasis on today's modern businesses to be relevant across every device. The Devices SDK takes the customizability and security of the Okta Identity Cloud and puts it in the hands of developers everywhere."