Security News
Google says it banned 173,000 developer accounts in 2022 to block malware operations and fraud rings from infecting Android users' devices with malicious apps. "In 2022, we prevented 1.43 million policy-violating apps from being published on Google Play in part due to new and improved security features and policy enhancements - in combination with our continuous investments in machine learning systems and app review processes," the Google Security team said.
A growing reliance on AI and ML. Among the key findings in GitLab's report was the fact that AI/ML adoption in software development and security workflows continues to accelerate, with 62% of software developers using AI/ML to check code - up from 51% in 2022 - while 53% are using bots in the testing process, compared to 39% last year. In GitLab's 2022 Global DevSecOps Report, 54% of security respondents said they used two to five tools in their workflow, while 35% reported using six to 10; in 2023, these figures were 42% and 43%, respectively.
"The packages contained a PowerShell script that would execute upon installation and trigger a download of a 'second stage' payload, which could be remotely executed," JFrog researchers Natan Nehorai and Brian Moussalli said. While NuGet packages have in the past been found to contain vulnerabilities and to be abused to propagate phishing links, the development marks the first-ever discovery of packages with malicious code.
.NET developers with cryptocurrency stealers delivered through the NuGet repository and impersonating multiple legitimate packages via typosquatting. .NET developers who had their systems compromised, it could also be explained by the attackers' efforts to legitimize their malicious NuGet packages.
Ukraine's cyberpolice has arrested the developer of a remote access trojan malware that infected over 10,000 computers while posing as game applications. "The man developed viral software, which he positioned as applications for computer games."
GSC Game World, the developer of the highly anticipated 'STALKER 2: Heart of Chornobyl' game, warned that its systems were breached, allowing threat actors to steal game assets during the attack. The Ukrainian game publisher says that a "community from a Russian social network" was behind the attack and is blackmailing the company by threatening to release data for Stalker 2, which is expected to be released later this year.
GitHub will start requiring active developers to enable two-factor authentication on their accounts beginning next week, on March 13. The gradual rollout will start next week with GitHub reaching out to smaller groups of administrators and developers via email and will speed up as the end of the year approaches to ensure that onboarding is seamless and users have time to sort out any issues.
Developers care about the quality and security of their code, and when empowered to help, developers make great security advocates who can help harden your supply chain security while reducing the burden on DevOps and security teams. Introducing security tools that allow developers to own code security within their existing development process can increase early risk identification and simplify the process of mitigating risks, slowing the growth of vulnerability backlogs.
LastPass is, once again, telling customers about a security incident related to the August 2022 breach of its development environment and the subsequent unauthorized access to the company's third-party cloud storage service that hosted backups: "The threat actor leveraged information stolen during the first incident, information available from a third-party data breach, and a vulnerability in a third-party media software package to launch a coordinated second attack." LastPass says the second incident initially went unnoticed because its tactics, techniques, and procedures (TTPs) and indicators of compromise (IoCs) "were not consistent with those of the first." It was only later determined that the two incidents were related.
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3.