Security News

The Open Security & Safety Alliance announced two important developments as part of its mission to pave the road towards trustworthy and innovative security and safety solutions. First, a new specification is now available to members that focuses on camera cyber security measures.

Checkmarx announced the launch of KICS, an open source static analysis solution that enables developers to write more secure infrastructure as code. KICS automatically detects vulnerabilities, hard-coded keys and passwords, compliance issues, and misconfigurations from the very start of the IaC build cycle, allowing developers to easily remediate these flaws before reaching production.

Two developers, sponsored by Google, will dedicate their time to addressing vulnerabilities in the Linux kernel as part of a wider effort to improve the security of open-source software. Google will sponsor a pair of developers to work full-time on bolstering the security of Linux.

Index Engines released an API-based developer's kit to support the integration of CyberSense software's analytics and reporting into third-party backup and storage platforms. CyberSense can directly index files in backup images, including Dell EMC NetWorker/Avamar, Veritas NetBackup, IBM Spectrum Protect, and Commvault without the need to rehydrate the data.

Microsoft president Brad Smith said the software giant's analysis of the SolarWinds hack suggests the code behind the crack was the work of a thousand or more developers. Speaking on US news magazine program 60 Minutes, Smith labelled the attack "The largest and most sophisticated attack the world has ever seen."

Polish video game maker CD Projekt RED, the company behind The Witcher and Cyberpunk 2077, said Tuesday hackers had stolen data in a "Targeted cyber attack". "An unidentified actor gained unauthorized access to our internal network, collected certain data belonging to CD PROJEKT capital group, and left a ransom note," the company said on Twitter.

Web development resources provider SitePoint has notified users of a data breach that resulted in some of their information being stolen. Based in Melbourne, Australia, and established more than two decades ago, SitePoint provides users with access to tutorials and books that can help them learn the basics of web development.

Embedded system software provider Wind River Systems has started informing employees of a data breach that resulted in their personal information being stolen by a third party. Its product portfolio includes the Wind River Linux operating system and the VxWorks real-time operating system.

Dynatrace announced that its Application Security Module now directly links the vulnerabilities it identifies in real time in production and pre-production environments to the Snyk Intel database of open source vulnerabilities to facilitate faster and easier remediation by developers. Dynatrace Application Security, the newest module in Dynatrace's all-in-one Software Intelligence Platform, is optimized for Kubernetes architectures and DevSecOps approaches.

Facebook has filed legal action against two Chrome extension developers that the company said was scraping user profile data - including names and profile IDs - as well as other browser-related information. The two unnamed developers under the business name Oink and Stuff, developed Chrome malicious browser extensions, which actually contained hidden code "That functioned like spyware," alleges Facebook.