infosec Archives - Developer Tech News
https://www.developer-tech.com/news/tag/infosec/
Gaming, Apps, HTML5, Java, PHP, C#, .net, IOT
Fri, 01 Nov 2024 15:35:50 +0000

EMERALDWHALE exploits vulnerable Git configuration files
https://www.developer-tech.com/news/emeraldwhale-exploits-vulnerable-git-configuration-files/
Fri, 01 Nov 2024 15:35:46 +0000
Sysdig’s Threat Research Team (TRT) has uncovered a global operation known as EMERALDWHALE, which has stolen over 15,000 cloud service credentials by exploiting exposed Git configuration files. EMERALDWHALE utilised multiple private tools to exploit several misconfigured web services, resulting in the theft of credentials from more than 10,000 private repositories. Though the operation’s primary targets...

The post EMERALDWHALE exploits vulnerable Git configuration files appeared first on Developer Tech News.

Zscaler highlights security trends challenging developers
https://www.developer-tech.com/news/zscaler-security-trends-challenging-developers/
Tue, 15 Oct 2024 15:28:37 +0000
Zscaler has released its annual ThreatLabz report, highlighting security challenges that should be on every developer’s radar. The 2024 Mobile, IoT, and OT Threat Report – covering June 2023 to May 2024 – highlights critical vulnerabilities in mobile applications, IoT devices, and operational technology (OT) systems that demand immediate attention from the development community. One...

GitLab releases critical security patches amid vulnerability streak
https://www.developer-tech.com/news/gitlab-releases-critical-security-patches-vulnerability-streak/
Fri, 11 Oct 2024 13:30:48 +0000
GitLab has released a new round of critical security patches for its Community Edition (CE) and Enterprise Edition (EE) products. The company strongly recommends that all self-managed GitLab installations be upgraded immediately to one of the latest versions: 17.4.2, 17.3.5, or 17.2.9. These patch releases address several critical and high-severity vulnerabilities, including a critical flaw...

North Korean hackers target developers with fake job interviews
https://www.developer-tech.com/news/north-korean-hackers-target-developers-fake-job-interviews/
Wed, 11 Sep 2024 16:11:25 +0000
Cybersecurity researchers at ReversingLabs have uncovered malicious software packages linked to a campaign known as VMConnect, believed to be orchestrated by the North Korean hacking team Lazarus Group. The campaign, first identified in August 2023, uses fake job interviews to lure developers into downloading and executing malicious code. The latest samples were traced to GitHub...

Roblox developers targeted by year-long malware campaign
https://www.developer-tech.com/news/roblox-developers-targeted-year-long-malware-campaign/
Mon, 02 Sep 2024 15:38:19 +0000
A sustained malware campaign targeting Roblox developers through malicious npm packages has been uncovered by Checkmarx security researchers. The attackers are impersonating the popular “noblox.js” library, publishing dozens of packages designed to steal sensitive information and compromise systems. The campaign, which has been active for over a year, exploits trust in the open-source ecosystem. It...

North Korean hackers target developers in latest npm attack wave
https://www.developer-tech.com/news/north-korean-hackers-target-developers-npm-attack-wave/
Thu, 29 Aug 2024 12:16:20 +0000
A fresh offensive by suspected North Korean hacking groups has targeted the open-source software community with a series of malicious packages uploaded to the npm repository. Identified by cybersecurity firm Phylum, the attacks leverage multiple techniques and appear designed to steal cryptocurrency and sensitive data from unsuspecting developers. The campaign began on 12th August and...

GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability
https://www.developer-tech.com/news/github-enterprise-server-3-13-3-tackles-critical-saml-vulnerability/
Thu, 22 Aug 2024 12:26:30 +0000
GitHub has released Enterprise Server 3.13.3, addressing several security vulnerabilities, including a critical flaw affecting instances using SAML single sign-on. Alongside security patches, the update delivers bug fixes, minor feature enhancements, and changes to the platform. The most pressing issue tackled by this update is a critical vulnerability (CVE-2024-6800) impacting instances employing SAML SSO with...

Mandrake spyware variant evades Google Play security for two years
https://www.developer-tech.com/news/mandrake-spyware-variant-google-play-security-two-years/
Wed, 31 Jul 2024 13:18:33 +0000
Kaspersky researchers have uncovered a new version of the notorious Mandrake spyware, revealing advanced obfuscation techniques that allowed it to bypass Google Play’s security checks and remain undetected for two years. First identified in 2020, Mandrake has been an active Android espionage platform since at least 2016. The latest variant, detected in April 2024, showcases...

Images weaponised in latest supply chain attack
https://www.developer-tech.com/news/images-weaponised-latest-supply-chain-attack/
Tue, 16 Jul 2024 15:23:38 +0000
A series of malicious packages disguised as legitimate software have been discovered in the npm registry by cybersecurity firm Phylum. The packages – identified on 13 July 2024 – contained hidden command and control functionality embedded within image files, executed during the installation process. Phylum researchers uncovered two packages in this campaign, with one named...

CocoaPods flaws highlight growing supply chain risks
https://www.developer-tech.com/news/cocoapods-flaws-highlight-growing-supply-chain-risks/
Tue, 02 Jul 2024 15:02:36 +0000
Security researchers at E.V.A Information Security have uncovered several critical vulnerabilities in CocoaPods, a popular dependency manager for Swift and Objective-C projects. These vulnerabilities potentially expose millions of Apple devices to supply chain attacks, highlighting the growing risks associated with open-source software dependencies. CocoaPods, used in over three million mobile apps, plays a crucial role...
