Security News
A man who developed distributed denial of service botnets based on the source code of Mirai was sentenced to 13 months in federal prison. Initially based on the publicly available Mirai source code, the botnets received additional capabilities over time, which increased their complexity and efficiency, the DoJ says.
Children's app developer HyperBeard has agreed to pay $150,000 after being accused by the Federal Trade Commission of illegally collecting children's data without parental consent. A recent complaint filed by the Department of Justice claims that the app developer allowed third-party ad networks to collect personal data from children using its apps - without notifying parents or obtaining verifiable parental consent.
In its write-up of the attack, the GitHub Security Labs team explains how the malware lurks in source code repositories uploaded to its site, activating when a developer downloads an infected repository and uses it to create a software program. Most of the variants that GitHub found in its scans also infect a project's source code, meaning that any other newly-infected projects mirrored to remote repositories would spread the malware further on GitHub.
"The move to cloud-native platforms has shifted the way applications are developed and deployed," said Tim Callahan, senior vice president and global chief security officer for Aflac, and Venafi customer advisory board member. Jetstack and Venafi have been working closely together over the last two years to dramatically accelerate the speed of innovation for next generation machine identity protection in Kubernetes, multi-cloud, service mesh and microservices ecosystems.
These days, Josh is writing about the future of data policy and ownership, important issues for everyone involved in developing a new app or system, from developers to project managers and everybody in between. That's why he's here talking about some of the things developers need to know about data collection. One thing we really need to start looking at differently is the separation between data ownership, data privacy, and data security, because a lot of the time I feel that when people talk about this, it all gets balled up into one.
In a post-Cambridge Analytica world, developers are more important than ever to the data privacy and security of the software they build.
HarperDB releases HarperDB Cloud, its fully managed and hosted cloud offering. HarperDB Cloud instances can be spun up in minutes, featuring a built-in API, ACID compliant SQL and NoSQL capabilities, and standard interfaces for connecting to reporting and analysis tools.
A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.
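The lookalike-name trick described above can be caught before a package is installed. The following is an added example, not code from the article or from any of the projects it mentions: it normalizes glyphs that are easily confused (1/l/i, 0/o, and so on), then flags a candidate whose normalized form collides with, or sits one edit away from, a trusted name. The trusted names and candidates are constructed sample data.

```python
from typing import Collection, Optional

# Glyphs commonly swapped for one another in lookalike names.
CONFUSABLES = str.maketrans({"1": "i", "l": "i", "|": "i", "0": "o",
                             "5": "s", "3": "e", "4": "a", "7": "t"})


def normalize(name: str) -> str:
    """Lowercase, collapse look-alike glyphs and drop separators so that
    'This1safile.exe' and 'Thisisafile.exe' compare as equal."""
    return (name.lower().translate(CONFUSABLES)
            .replace("rn", "m").replace("-", "").replace("_", ""))


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert, delete, substitute each cost 1)."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,            # delete ca
                           cur[j - 1] + 1,         # insert cb
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def lookalike_of(candidate: str, trusted: Collection[str],
                 max_dist: int = 1) -> Optional[str]:
    """Return the trusted name that `candidate` imitates, or None.

    An exact match is the legitimate package, not a lookalike. Anything whose
    normalized form collides with a trusted name, or lies within `max_dist`
    edits of one, is flagged for review.
    """
    if candidate in trusted:
        return None
    norm = normalize(candidate)
    for good in trusted:
        good_norm = normalize(good)
        if norm == good_norm or levenshtein(norm, good_norm) <= max_dist:
            return good
    return None


if __name__ == "__main__":
    # Constructed sample data: a trusted allowlist and some candidate names.
    allow = {"Thisisafile.exe", "rest-client", "nokogiri"}
    for name in ("This1safile.exe", "rest-cl1ent", "nokogir", "rails"):
        print(f"{name:16} -> {lookalike_of(name, allow)}")
```

Run against a lockfile or a download queue, the function flags names that deserve a human look; it does not decide on its own that a package is malicious.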
By pairing the system with human security experts, Microsoft said it was able to develop an algorithm that not only identified security bugs with nearly 100% accuracy, but also correctly flagged critical, high-priority bugs 97% of the time. According to Microsoft, its team of 47,000 developers generates some 30,000 bugs every month across its AzureDevOps and GitHub silos, causing headaches for security teams whose job it is to ensure critical security vulnerabilities are not missed.
For the first time ever, the findings prove the correlation between developer happiness and application security hygiene, with happy developers 3.6x less likely to neglect security when it comes to code quality. Happy developers are also 2.3x more likely to have automated security tools in place, and 1.3x more likely to follow open source security policies.