Play Store loses over 260K apps following Google’s quality push

Android’s app ecosystem has experienced a significant decline in the number of available apps in recent years, according to data from Statista and AppBrain.

Three years ago, Android users had 295 million apps to choose from. However, by the end of 2021, that number had dropped drastically to 2.7 million, and the decline continued.

In January 2022, there were 2.64 million apps available—representing a staggering drop of 260,000 apps in just two years. Although the...

17 July 2023 | Android

GitHub introduces passwordless authentication

GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience.

Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.

Passkeys require something the user is or...

14 July 2023 | Development Tools

Sonatype uncovers further malicious PyPI and npm packages

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries.

Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm "colors" library.

The malicious packages, including names such as "broke-rcl," "brokescolors," and "trexcolors," exclusively targeted the Windows operating system. Once installed, these packages would initiate the...

23 June 2023 | Developer

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the NPM JavaScript package manager and a similar attack on the Nuget package manager last year, involving over 140,000 malicious packages, have highlighted the...

22 May 2023 | Hacking & Security

Apple blocked over $2B of fraudulent App Store transactions in 2022

Apple continues to prioritise user safety and security within its App Store ecosystem, reporting that it successfully prevented over $2 billion in potentially fraudulent transactions in 2022.

The company says that it has been intensifying its efforts to reject suspicious apps and ensure that only reliable and trustworthy apps are available to users.

With millions of weekly visitors and over 36 million registered developers, the App Store has become a thriving platform....

17 May 2023 | App Stores

ChatGPT-generated code is often insecure

OpenAI's large language model, ChatGPT, is capable of generating code but produces insecure code without alerting users to its inadequacies, according to research by computer scientists from the Université du Québec in Canada.

The researchers asked ChatGPT to generate 21 programs in five programming languages to illustrate specific security vulnerabilities such as memory corruption, denial of service, and improperly implemented cryptography.

ChatGPT produced only five...

21 April 2023 | Development Tools

Sophos endpoint security upgrades boost cyberthreat defences

Sophos, a specialist in cybersecurity as a service, has unveiled advancements to its portfolio of industry-leading endpoint security offerings.

New adaptive active adversary protection; Linux malware protection enhancements; account health check capabilities; an integrated zero trust network access (ZTNA) agent for Windows and macOS devices; and more improve frontline defences against advanced cyberthreats and streamline endpoint security management.

Raja Patel, senior...

10 March 2023 | Developer

Clipper malware found in over 451 PyPI packages

Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware.

Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds.

Starting on February 9th, Phylum was alerted by its automated risk detection platform to a long series of suspicious publications to...

15 February 2023 | Hacking & Security

Visual Studio Marketplace is the latest supply chain attack vector

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks.

In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions.

VS Code is the most popular IDE, with around 74.48 percent of developers using it. The vast array of extensions available for VS Code is partly what drives its popularity.

Here are some...

9 January 2023 | Development Tools

Hackers compromised Okta’s private GitHub repos

Okta says hackers compromised its private GitHub repos earlier this month and stole its source code.

BleepingComputer got hold of a “confidential” email notification sent by Okta to its “security contacts” about the breach.

The Identity and Access Management (IAM) solutions leader says GitHub alerted Okta to the suspicious access earlier this month.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories," wrote...

21 December 2022 | Git