White House urges adoption of memory-safe programming languages

The White House Office of the National Cyber Director (ONCD) has released a new report today urging the technology industry to take steps to reduce vulnerabilities in software that leave digital systems open to cyberattacks.

The report, titled "Back to the Building Blocks: A Path Toward Secure and Measurable Software," emphasises the importance of technology manufacturers adopting memory-safe programming languages to prevent entire classes of vulnerabilities from entering the...

Python packages caught using DLL sideloading to bypass security

ReversingLabs researchers have uncovered Python packages using DLL sideloading to bypass security tools.

On 10 January 2024, Karlo Zanki, a reverse engineer at ReversingLabs, stumbled upon two suspicious packages on the Python Package Index (PyPI). These packages – named NP6HelperHttptest and NP6HelperHttper – were found to be utilising DLL sideloading, a known technique used by malicious actors to execute code discreetly and evade detection from security tools.

This...

Apple is killing web apps in the EU

Apple is ending support for progressive web apps (PWAs) for iPhone users within the EU, stirring concern among developers and users alike. This decision comes as a definitive blow to the accessibility and functionality of web-based applications on Apple devices.

The move to discontinue web app support has been apparent in each iteration of the iOS 17.4 beta, with users experiencing persistent issues. However, Apple has now clarified that this is deliberate.

In an update...

OpenText unveils next-gen cybersecurity auditing technology

OpenText has unveiled the second generation of its advanced cybersecurity auditing technology called Fortify Audit Assistant—aiming to help developers build more secure software amid rising threats and complexity in multi-cloud environments.

The key upgrade is the use of predictive analytics and machine learning to emulate human security auditors. By learning from 10 years of human expert data, the new Fortify Audit Assistant significantly improves accuracy and reduces false...

GitHub rotates credentials following vulnerability discovery

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday.  

The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it had been exploited in attacks, GitHub moved swiftly to rotate potentially exposed keys the same day as a...

Checkmarx uncovers persistent Python package threat

Checkmarx has uncovered a threat actor that has been quietly infiltrating the open-source ecosystem for nearly six months, planting malicious Python packages with a focus on deception and financial gain.

The malicious actor employed a systematic approach, disguising their packages with names closely resembling popular legitimate Python packages. These decoy packages, camouflaged to blend in, successfully garnered thousands of downloads. The malicious payload, embedded within the...

AI coding assistants: A double-edged sword for DevOps in 2024

A growing reliance on AI-powered coding assistants is reshaping how DevOps teams operate, for better or worse.

According to Forrester's 2024 cybersecurity, risk, and privacy predictions, AI coding assistants are becoming integral to boosting productivity. However, a cautionary note accompanies this technological shift, as Forrester warns of potential pitfalls that could lead to cybersecurity breaches.

Forrester predicts that the combination of inconsistent compliance and...

Sauce Labs exposes some developers’ risky habits

A survey by Sauce Labs of 500 US-based developers has put the spotlight on some concerning practices.

One alarming discovery was the tendency of developers to push code to production without adequate testing. 67 percent of respondents admitted to this practice, jeopardising software quality, user experience, and system stability.

Additionally, 68 percent confessed to merging their own pull requests without review—raising concerns about potential security...

Salt launches STEP program to enhance API security for enterprises

Salt Security has launched an initiative to help enterprises significantly reduce risk across their API ecosystem.

The STEP (Salt Technical Ecosystem Partner) program encompasses the integration of AI-driven API security insights into existing workflows and tools within organisations. This integration empowers joint customers to bolster their security posture using the Salt Security API Protection Platform.

Salt has introduced STEP’s inaugural partners, focusing on API...

Mathew Payne, GitHub: Protecting code while nurturing user experience

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience.

At the heart of GitHub's security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on securing the code created by both users and developers.

“The first thing that we focus on at GitHub is the security...