hacking Archives - Developer Tech News

State of Java: Resilience amid licensing changes and security concerns

Ryan Daws — Fri, 27 Oct 2023 09:28:10 +0000

Azul has unveiled its first annual State of Java Survey & Report, which offers a deep exploration of the Java landscape. The study – based on responses from over 2,000 Java users worldwide – aims to provide unparalleled insights into Java’s current standing, particularly its influence on enterprises of various sizes. Java’s ubiquity and vital... Read more »

The post State of Java: Resilience amid licensing changes and security concerns appeared first on Developer Tech News.

Sauce Labs exposes some developers’ risky habits

Ryan Daws — Tue, 03 Oct 2023 15:32:51 +0000

A survey by Sauce Labs of 500 US-based developers has put the spotlight on some concerning practices. One alarming discovery was the tendency of developers to push code to production without adequate testing. 67 percent of respondents admitted to this practice, jeopardising software quality, user experience, and system stability. Additionally, 68 percent confessed to merging... Read more »

The post Sauce Labs exposes some developers’ risky habits appeared first on Developer Tech News.

Mathew Payne, GitHub: Protecting code while nurturing user experience

Ryan Daws — Fri, 18 Aug 2023 13:54:35 +0000

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience. At the heart of GitHub’s security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on... Read more »

The post Mathew Payne, GitHub: Protecting code while nurturing user experience appeared first on Developer Tech News.

Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign

Ryan Daws — Fri, 04 Aug 2023 11:05:45 +0000

In a recent analysis conducted by Sonatype, a malicious Python Package Index (PyPI) package named ‘VMConnect’ was discovered masquerading as the legitimate VMware vSphere connector module ‘vConnector’. The counterfeit package was found to contain sinister code designed to compromise users’ systems. Further investigation revealed an ongoing campaign involving additional packages like “ethter” and “quantiumbase,” all... Read more »

The post Malicious PyPI package discovered in ongoing ‘PaperPin’ campaign appeared first on Developer Tech News.

Checkmarx uncovers supply chain attacks targeting banking

Ryan Daws — Fri, 21 Jul 2023 12:24:45 +0000

Checkmarx has uncovered a new and sophisticated cyber threat targeting the banking sector. The security testing firm’s research team detected two distinct open-source software supply chain attacks targeting financial institutions. These attacks, which involved advanced techniques and deceptive tactics, have raised alarm bells among cybersecurity experts. Attack one: NPM The first attack occurred on April... Read more »

The post Checkmarx uncovers supply chain attacks targeting banking appeared first on Developer Tech News.

GitHub introduces passwordless authentication

Ryan Daws — Fri, 14 Jul 2023 12:35:24 +0000

GitHub is introducing passwordless authentication to enhance account security and provide a more seamless user experience. Passkeys are touted as offering a secure and easy-to-use method of protecting user accounts, with the aim of eliminating password-based breaches altogether. Unlike conventional security measures, passkeys offer improved security by combining two-factor authentication (2FA) with enhanced user verification.... Read more »

The post GitHub introduces passwordless authentication appeared first on Developer Tech News.

Sonatype uncovers further malicious PyPI and npm packages

Ryan Daws — Fri, 23 Jun 2023 15:47:27 +0000

Sonatype continues to uncover a significant number of malicious packages within the PyPI and npm software registries. Among the flagged packages were several Python packages published on PyPI, masquerading as legitimate libraries named after the popular npm “colors” library. The malicious packages, including names such as “broke-rcl,” “brokescolors,” and “trexcolors,” exclusively targeted the Windows operating... Read more »

The post Sonatype uncovers further malicious PyPI and npm packages appeared first on Developer Tech News.

PyPI suspends new projects and users due to malicious activity

Ryan Daws — Mon, 22 May 2023 15:31:24 +0000

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity. This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the NPM JavaScript package manager and a... Read more »

The post PyPI suspends new projects and users due to malicious activity appeared first on Developer Tech News.

ChatGPT-generated code is often insecure

Ryan Daws — Fri, 21 Apr 2023 13:42:38 +0000

OpenAI’s large language model, ChatGPT, is capable of generating code but produces insecure code without alerting users to its inadequacies, according to research by computer scientists from the Université du Québec in Canada. The researchers asked ChatGPT to generate 21 programs in five programming languages to illustrate specific security vulnerabilities such as memory corruption, denial... Read more »

The post ChatGPT-generated code is often insecure appeared first on Developer Tech News.

Visual Studio Marketplace is the latest supply chain attack vector

Ryan Daws — Mon, 09 Jan 2023 14:14:15 +0000

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks. In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions. VS Code is the most popular IDE, with around 74.48 percent of developers using it. The... Read more »

The post Visual Studio Marketplace is the latest supply chain attack vector appeared first on Developer Tech News.