AppSec teams stuck in catch-up cycle due to massive cloud-native enablement gap

A security camera surrounded by clouds.

Backslash Security, a cloud-native application security solution for enterprise AppSec teams, has released a new research study, Breaking the Catch-up Cycle: The New Cloud-Native AppSec Paradigm Survey Report, exploring how the state of application security has evolved given the rise of cloud-native application development.

The study examines the practices, tools, and needs of CISOs, AppSec managers, and AppSec engineers at enterprise organizations of 1,000 or more employees...

26 May 2023 | Developer

PyPI suspends new projects and users due to malicious activity

The PyPI (Python Package Index) team has temporarily suspended new projects and users on their platform due to malicious activity.

This surge in malicious activity aligns with a larger trend observed across several open-source registries in recent months. Notably, incidents such as the flood of malicious packages on the NPM JavaScript package manager and a similar attack on the Nuget package manager last year, involving over 140,000 malicious packages, have highlighted the...

22 May 2023 | Hacking & Security

Apple blocked over $2B of fraudulent App Store transactions in 2022

Apple continues to prioritise user safety and security within its App Store ecosystem, reporting that it successfully prevented over $2 billion in potentially fraudulent transactions in 2022.

The company says that it has been intensifying its efforts to reject suspicious apps and ensure that only reliable and trustworthy apps are available to users.

With millions of weekly visitors and over 36 million registered developers, the App Store has become a thriving platform....

17 May 2023 | App Stores

ChatGPT-generated code is often insecure

OpenAI's large language model, ChatGPT, is capable of generating code but produces insecure code without alerting users to its inadequacies, according to research by computer scientists from the Université du Québec in Canada.

The researchers asked ChatGPT to generate 21 programs in five programming languages to illustrate specific security vulnerabilities such as memory corruption, denial of service, and improperly implemented cryptography.

ChatGPT produced only five...

21 April 2023 | Development Tools

Clipper malware found in over 451 PyPI packages

Phylum security researchers have discovered over 451 packages on the Python Package Index (PyPI) that are infected with “clipper” malware.

Clippers replace the contents of a victim’s clipboard with something which benefits the attacker. The most prevalent clippers today look for cryptocurrency addresses and modify them to steal funds.

Starting on February 9th, Phylum was alerted by its automated risk detection platform to a long series of suspicious publications to...

15 February 2023 | Hacking & Security

India demonstrates its security-focused ‘BharOS’

India has demonstrated its security-focused homegrown mobile operating system, BharOS.

Government officials teased a homegrown mobile OS earlier this month. Local media outlet Business Standard initially reported it would be called ‘IndOS’ and will be a collaboration between the government, academia, and startups.

"India is one of the largest mobile device markets in the globe. Our objective is to create a secure Indian mobile operating system that could also create...

25 January 2023 | App Stores

Visual Studio Marketplace is the latest supply chain attack vector

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks.

In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions.

VS Code is the most popular IDE, with around 74.48 percent of developers using it. The vast array of extensions available for VS Code is partly what drives its popularity.

Here are some...

9 January 2023 | Development Tools

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats take advantage of simple typos to install malicious packages.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...

13 December 2022 | Hacking & Security

Syntax error breaks KmsdBot cryptomining botnet

A syntax error broke an otherwise advanced cryptomining botnet called KmsdBot.

The malware, which could also be used for distributed denial-of-service (DDoS) attacks, was discovered by Akamai Security Research.

Akamai’s researchers witnessed the authors “accidentally crash” KmsdBot after observing the malware stopped sending attack commands after receiving:

!bigdata www.bitcoin.com443 / 30 3 3 100 

The lack of a space between the website and the...

6 December 2022 | Hacking & Security

Security leaders believe companies should face consequences for releasing insecure software

Someone sitting at a computer screen.

Organisations plan to invest in DevSecOps in 2023, and the level of urgency for them to do so has grown.

In a recent survey conducted by the Neustar International Security Council (NISC), 93% of participating information technology and security professionals reported that DevSecOps would be a significant budgeting priority in the coming year, with 55% emphasising it would be a very significant priority with their organisation.

Additionally, 86% of respondents agree that...

2 November 2022 | Developer