cyber security Archives - Developer Tech News
https://www.developer-tech.com/news/tag/cyber-security/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Mon, 04 Nov 2024 15:26:39 +0000

NPM supply chain attack uses Ethereum blockchain
https://www.developer-tech.com/news/npm-supply-chain-attack-ethereum-blockchain/
Mon, 04 Nov 2024 15:26:36 +0000
Checkmarx researchers have detected a unique supply chain attack within the NPM ecosystem that uses the Ethereum blockchain. The malicious package, dubbed “jest-fet-mock,” targets developers with a multi-platform malware employing Ethereum smart contracts for command-and-control (C2) operations. This marks a convergence of blockchain technology with traditional attack vectors—a method not yet observed in NPM packages. ...

The post NPM supply chain attack uses Ethereum blockchain appeared first on Developer Tech News.

EMERALDWHALE exploits vulnerable Git configuration files
https://www.developer-tech.com/news/emeraldwhale-exploits-vulnerable-git-configuration-files/
Fri, 01 Nov 2024 15:35:46 +0000
Sysdig’s Threat Research Team (TRT) has uncovered a global operation known as EMERALDWHALE, which has stolen over 15,000 cloud service credentials by exploiting exposed Git configuration files. EMERALDWHALE utilised multiple private tools to exploit several misconfigured web services, resulting in the theft of credentials from more than 10,000 private repositories. Though the operation’s primary targets...

Zscaler highlights security trends challenging developers
https://www.developer-tech.com/news/zscaler-security-trends-challenging-developers/
Tue, 15 Oct 2024 15:28:37 +0000
Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer’s radar. The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community. One...

Entry points threaten multiple open-source ecosystems
https://www.developer-tech.com/news/entry-points-threaten-multiple-open-source-ecosystems/
Mon, 14 Oct 2024 13:58:48 +0000
While current tools have improved at detecting common tactics for exploiting open-source packages, a feature remains largely overlooked: entry points. Security researchers at Checkmarx uncovered how attackers can leverage entry points across multiple programming ecosystems, with a particular focus on PyPI, to trick victims into running malicious code. This method – while not allowing for...

GitLab releases critical security patches amid vulnerability streak
https://www.developer-tech.com/news/gitlab-releases-critical-security-patches-vulnerability-streak/
Fri, 11 Oct 2024 13:30:48 +0000
GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9. These patch releases address several critical and high-severity vulnerabilities, including a critical flaw...

North Korean hackers target developers with fake job interviews
https://www.developer-tech.com/news/north-korean-hackers-target-developers-fake-job-interviews/
Wed, 11 Sep 2024 16:11:25 +0000
Cybersecurity researchers at ReversingLabs have uncovered malicious software packages linked to a campaign known as VMConnect, believed to be orchestrated by the North Korean hacking team Lazarus Group. The campaign, first identified in August 2023, uses fake job interviews to lure developers into downloading and executing malicious code. The latest samples were traced to GitHub...

Roblox developers targeted by year-long malware campaign
https://www.developer-tech.com/news/roblox-developers-targeted-year-long-malware-campaign/
Mon, 02 Sep 2024 15:38:19 +0000
A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems. The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It...

North Korean hackers target developers in latest npm attack wave
https://www.developer-tech.com/news/north-korean-hackers-target-developers-npm-attack-wave/
Thu, 29 Aug 2024 12:16:20 +0000
A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository. Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers. The campaign began on 12th August and...

Unit 42 researchers uncover critical GitHub Actions vulnerability
https://www.developer-tech.com/news/unit-42-researchers-critical-github-actions-vulnerability/
Thu, 15 Aug 2024 11:03:55 +0000
A new attack vector that could compromise GitHub repositories has been uncovered by researchers at Palo Alto Networks’ Unit 42 team. The vulnerability, which exploits GitHub Actions artifacts generated during CI/CD workflows, could potentially grant high-level access to cloud environments. The researchers found that a combination of misconfigurations and security flaws can cause artifacts to...

GitHub’s Copilot Autofix triples vulnerability remediation speed
https://www.developer-tech.com/news/github-copilot-autofix-triples-vulnerability-remediation-speed/
Wed, 14 Aug 2024 16:00:08 +0000
Shipping software quickly often comes at the cost of security, with vulnerabilities inadvertently making their way into production code. This poses a significant challenge, as many developers find security requirements complex and difficult to implement. “Developers are shipping software faster than previously imaginable, releasing new features early and often. Yet, despite their best efforts to...
