Security News

Inspiring secure coding: Strategies to encourage developers’ continuous improvement
2023-07-25 04:30

He sheds light on the significance of positive security culture, the reasons behind recurrent vulnerabilities, strategies for incorporating secure coding training without hampering development processes, the effectiveness of gamified learning experiences, the need for the regular refreshment of secure development training, and innovative methods to encourage developers to improve their secure coding techniques. How important is fostering a security culture within development teams for secure coding practices?

Police arrests Ukrainian scareware developer after 10-year hunt
2023-07-17 15:40

The Spanish National Police has apprehended a Ukrainian national wanted internationally for his involvement in a scareware operation spanning from 2006 to 2011. "The operation has been carried out by investigators from the General Information Police Station in coordination with the Provincial Information Brigades of Tenerife and Barcelona and with the El Prat Airport Police Station," a Spanish National Police press release published on Saturday reads.

How to make developers love security
2023-06-07 05:00

In my last post I discussed how developers can be your security secret weapon but how to help them love doing security work? That's a whole other challenge! Developers giving security the cold shoulder isn't just a myth: Industry surveys have repeatedly shown that engineers try to avoid security work, while security teams become frustrated at engineers' lack of action.

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware
2023-05-19 10:40

Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called TurkoRat. The findings once again underscore the ongoing risk of threat actors orchestrating supply chain attacks via open source packages and baiting developers into downloading potentially untrusted code.

Introducing Permit.io: Simplifying access control and policy management for developers
2023-05-18 04:00

In this Help Net Security video interview, Or Weis, Co-Founder and CEO of Permit.io, discusses an innovative approach to managing permissions and access control within applications. We will explore policy as code and how it addresses organizations' challenges in managing access control effectively.

Google banned 173K developer accounts to block malware, fraud rings
2023-04-27 17:13

Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users' devices with malicious apps. "In 2022, we prevented 1.43 million policy-violating apps from being published on Google Play in part due to new and improved security features and policy enhancements - in combination with our continuous investments in machine learning systems and app review processes," the Google Security team said.

DevSecOps: AI is reshaping developer roles, but it’s not all smooth sailing
2023-04-21 15:21

A growing reliance on AI and ML. Among the key findings in GitLab's report was the fact that AI/ML adoption in software development and security workflows continues to accelerate, with 62% of software developers using AI/ML to check code - up from 51% in 2022 - while 53% are using bots in the testing process, compared to 39% last year. In GitLab's 2022 Global DevSecOps Report, 54% of security respondents said they used two to five tools in their workflow, while 35% reported using six to 10; in 2023, these figures were 42% and 43%, respectively.

Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
2023-03-22 08:58

"The packages contained a PowerShell script that would execute upon installation and trigger a download of a 'second stage' payload, which could be remotely executed," JFrog researchers Natan Nehorai and Brian Moussalli said. While NuGet packages have been in the past found to contain vulnerabilities and be abused to propagate phishing links, the development marks the first-ever discovery of packages with malicious code.

Hackers target .NET developers with malicious NuGet packages
2023-03-20 19:22

NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting. NET developers who had their systems compromised, it could also be explained by the attackers' efforts to legitimize their malicious NuGet packages.

RAT developer arrested for infecting 10,000 PCs with malware
2023-03-17 15:36

Ukraine's cyberpolice has arrested the developer of a remote access trojan malware that infected over 10,000 computers while posing as game applications. "The man developed viral software, which he positioned as applications for computer games."