Roblox developers targeted by year-long malware campaign

A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems.

The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It particularly targets the Roblox platform, a lucrative target due to its massive...

North Korean hackers target developers in latest npm attack wave

A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository.

Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers.

The campaign began on 12th August and involves several distinct publication patterns and attack types, suggesting the...

GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability

GitHub has released Enterprise Server 3.13.3, addressing several security vulnerabilities, including a critical flaw affecting instances using SAML single sign-on.

Alongside security patches, the update delivers bug fixes, minor feature enhancements, and changes to the platform.

The most pressing issue tackled by this update is a critical vulnerability (CVE-2024-6800) impacting instances employing SAML SSO with specific Identity Providers...

Unit 42 researchers uncover critical GitHub Actions vulnerability

A new attack vector that could compromise GitHub repositories has been uncovered by researchers at Palo Alto Networks' Unit 42 team. The vulnerability, which exploits GitHub Actions artifacts generated during CI/CD workflows, could potentially grant high-level access to cloud environments.

The researchers found that a combination of misconfigurations and security flaws can cause artifacts to leak tokens, including those for third-party cloud services and GitHub itself. These...

GitHub’s Copilot Autofix triples vulnerability remediation speed

Shipping software quickly often comes at the cost of security, with vulnerabilities inadvertently making their way into production code. This poses a significant challenge, as many developers find security requirements complex and difficult to implement.

"Developers are shipping software faster than previously imaginable, releasing new features early and often. Yet, despite their best efforts to code securely, software vulnerabilities inadvertently make their way into production...

Apple, the EU, and the threat of sideloaded applications

A huge shift has just happened in the mobile security landscape: Apple’s release of iOS 17.04 in March 2024 has allowed users to sideload apps and use third-party app stores. This has largely been done in an effort to comply with the EU’s Digital Markets Act (DMA). The DMA was introduced by the European Commission in order to help mitigate the domination of Silicon Valley giants – which the DMA calls “gatekeepers” – over digital markets.

Specifically, the DMA states...

Veracode unveils tools to combat growing security debt

To help organisations tackle mounting security debt and an expanding attack surface, Veracode has announced two new platform innovations.

Veracode has introduced Universal Connector and Application Security Heatmap, both powered by Longbow, to enable businesses to quickly identify and prioritise security risks across their applications.

These new capabilities come at a critical time, as organisations struggle to manage an overwhelming volume of security alerts and the...

Mandrake spyware variant evades Google Play security for two years

Kaspersky researchers have uncovered a new version of the notorious Mandrake spyware, revealing advanced obfuscation techniques that allowed it to bypass Google Play's security checks and remain undetected for two years.

First identified in 2020, Mandrake has been an active Android espionage platform since at least 2016. The latest variant, detected in April 2024, showcases enhanced functionality and evasion capabilities that have raised concerns among cybersecurity...

Images weaponised in latest supply chain attack

A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum.

The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process.

Phylum researchers uncovered two packages in this campaign, with one named "img-aws-s3-object-multipart-copy" mimicking a legitimate GitHub library. The malicious version...

GitLab update addresses pipeline execution vulnerability

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users.

The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE).

The most critical vulnerability (CVE-2024-6385) affects GitLab versions 15.8 to 17.1.1. With a CVSS...