Security News

Facebook Privacy Glitch Gave 5K Developers Access to ‘Expired’ Data
2020-07-02 16:06

The social media giant said that it recently discovered that 5,000 developers received data from Facebook users - long after their access to that data should have expired. In 2018, on the heels of the Cambridge Analytica privacy incident, Facebook debuted stricter controls over data collection by third-party app developers.

Developers agree: Application security processes have a negative impact on productivity
2020-06-30 19:19

A new survey of developers has found that there isn't a single application security tool that at least 80% of developers said is inhibiting their productivity. The degree to which various aspects of appsec hinder developer productivity varies from item to item, with the largest hindrance being a disconnect between developer and security workflows.

Developer of DDoS Botnets Based on Mirai Code Sentenced to Prison
2020-06-26 08:06

A man who developed distributed denial of service botnets based on the source code of Mirai was sentenced to 13 months in federal prison. Initially based on the publicly available Mirai source code, the botnets received additional capabilities over time, which increased their complexity and efficiency, the DoJ says.

FTC Slams Children’s App Developer for COPPA Violations
2020-06-05 18:38

Children's app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission of illegally collecting children's data without parental consent. A recent complaint filed by the Department of Justice claims that the app developer allowed third-party ad networks to collect personal data from children using its apps - without notifying parents or obtaining verifiable parental consent.

GitHub uncovers malicious ‘Octopus Scanner’ targeting developers
2020-06-01 10:28

In its write-up of the attack, the GitHub Security Labs team explains how the malware lurks in source code repositories uploaded to its site, activating when a developer downloads an infected repository and uses it to create a software program. Most of the variants that GitHub found in its scans also infect a project's source code, meaning that any other newly-infected projects mirrored to remote repositories would spread the malware further on GitHub.

Venafi acquires Jetstack to bring together developer speed and enterprise security
2020-05-17 23:00

"The move to cloud-native platforms has shifted the way applications are developed and deployed," said Tim Callahan, senior vice president and global chief security officer for Aflac, and Venafi customer advisory board member. Jetstack and Venafi have been working closely together over the last two years to dramatically accelerate the speed of innovation for next generation machine identity protection in Kubernetes, multi-cloud, service mesh and microservices ecosystems.

5 things developers should know about data privacy and security
2020-05-08 20:50

These days, Josh is writing about the future of data policy and ownership, which are important issues for everyone that's really involved in the development of a new app or a system, from developers to project managers and everybody in between, so that's why he's here talking about some of those things that developers need to know about data collection. One thing that we really need to start looking at differently is the separation between data ownership and data privacy and data security, because a lot of times I feel when people are talking about this, it gets all balled up into one.

5 things developers should know about data privacy and security
2020-05-08 18:18

In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.

HarperDB Cloud: The Database-as-a-Service for developers looking to build apps fast and cut costs
2020-04-24 02:30

HarperDB releases HarperDB Cloud, its fully managed and hosted cloud offering. HarperDB Cloud instances can be spun up in minutes, featuring a built-in API, ACID compliant SQL and NoSQL capabilities, and standard interfaces for connecting to reporting and analysis tools.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries
2020-04-20 16:23

A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.