Security News

Cybercriminals harness AI for new era of malware development
2024-03-01 06:30

Group-IB found these compromised credentials within the logs of information-stealing malware traded on illicit dark web marketplaces. Throughout the reporting period, Group-IB experts uncovered 27 new advertisements for ransomware-as-a-service programs on dark web forums, including well known groups such as Qilin, as well as other collectives that have yet to be seen in the wild.

A step-by-step plan for safe use of GenAI models for software development
2024-02-22 06:00

Since this field has a lot of blanks, it is best to work with trusted experts or outsource the creating and implementing of GenAI practices to someone with expertise in the field. Keep in mind that if an employee uses their personal account for working with ChatGPT, the outcome is their intellectual property, not your company's.

The dynamic relationship between AI and application development
2024-01-04 04:30

In this Help Net Security video, Greg Ellis, General Manager, Application Security, at Digital.ai, discusses how artificial intelligence is revolutionizing the way applications are developed and...

Alert fatigue puts pressure on security and development teams
2023-12-08 05:00

The research found that AppSec chaos reigns, with 78% of CISOs responding that today's AppSec attack surfaces are unmanageable and 90% of responders confirmed relationships between their security and development teams need to improve. 85% of CISOs acknowledge dev teams suffer from vulnerability noise and alert fatigue, which strains the relationship between security and dev teams.

U.S., U.K., and Global Partners Release Secure AI System Development Guidelines
2023-11-27 06:55

The U.K. and U.S., along with international partners from 16 other countries, have released new guidelines for the development of secure artificial intelligence (AI) systems. "The approach...

CI/CD Risks: Protecting Your Software Development Pipelines
2023-11-14 11:35

While Dependabot exemplifies the advancements in automating software maintenance tasks, this incident also underscores the broader complexities and vulnerabilities inherent in CI/CD pipelines. These pipelines serve as vital conduits, linking the external world of software development tools and platforms with the internal processes of software creation and deployment.

4 warning signs that your low-code development needs DevSecOps
2023-11-14 06:30

Traditional on-premises and pro-code development teams have invested heavily in DevSecOps tooling, but many low-code development teams don't believe these tools are necessary. If your low-code team is resistant to DevSecOps tools, here are four early warning signs that you should be considering a tool to help manage your releases.

Privacy concerns cast a shadow on AI’s potential for software development
2023-09-13 03:00

Organizations are optimistic about AI, but AI adoption requires attention to privacy and security, productivity, and training, according to GitLab. "According to the GitLab Global DevSecOps Report, only 25% of developers' time is spent on code generation, but the data shows AI can boost productivity and collaboration in nearly 60% of developers' day-to-day work. To realize AI's full potential, it needs to be embedded across the software development lifecycle, allowing everyone involved in delivering secure software, not just developers, to benefit from the efficiency boost."

LibreOffice: Stability, security, and continued development
2023-09-07 05:30

LibreOffice is based on the source code of OpenOffice, a project that, according to LibreOffice marketing co-lead Italo Vignoli, was marked by questionable decisions around development and quality assurance. To address the mountain of inherited technical debt, the LibreOffice developers undertook a heavy source code cleanup and refactoring process, which lasted throughout the development of LibreOffice 3.x and 4.x. "This effort was coupled with the creation of an infrastructure to serve the developers, with the implementation of tools such as Gerrit for code review, Git for continuous integration, a battery of Tinderboxes, Bugzilla for quality assurance, OpenGrok for source code research, Weblate for localization, as well as testing for performance and crash analysis," he explained.

North Korean hackers breached Russian missile development firm
2023-08-08 13:37

North Korean state-sponsored hackers have breached Russian missile maker NPO Mashinostroyeniya, according to SentinelLabs researchers. The researchers came across leaked email communication between NPO Mashinostroyeniya's IT staff that contained information about a possible cyber intrusion first detected in May 2022.