GitHub’s 2FA rollout boosts supply chain security

In a push to enhance the security of the software supply chain, GitHub has successfully rolled out mandatory two-factor authentication (2FA) for code contributors on its platform.

GitHub’s 2FA rollout – announced in May 2022 – aimed to address the critical first link in the software supply chain by securing the developers responsible for designing, building, and maintaining the software we all rely on.

The results are in

After a year of meticulous preparation,...

What developers can learn from the largest DDoS attack in history

This past October, Google Cloud disclosed that it had successfully mitigated the largest Distributed Denial of Service (DDoS) attack in history – and that this DDoS attack had been hitting businesses since August.

What made it the worst DDoS to date? It was the volume. At its peak, the attack counted over 398 million requests per second (rps). To compare, the worst recorded DDoS attack up to that point, detected in 2022, reached 46 million rps.

The fall 2023 attack,...

Fortifying app security with the help of Terraform

A staple of DevOps tech stacks, Terraform is an Infrastructure-as-Code (IaC) provisioning and management tool developed by HashiCorp. While Terraform itself is rarely associated with app security and does not directly protect applications, using it correctly is pivotal to implementing security best practices.

As DevOps continues to morph into DevSecOps, and as supply chain attacks continue to breach enterprise systems,...

Android 15 beta improves edge-to-edge, app archiving, and security

Google has released the first Android 15 beta with enhanced screen real estate utilisation, app archiving, and the bolstering of security measures.

The tech giant has focused on optimising Android 15 for larger displays, such as those on foldable devices and tablets, by enabling apps' edge-to-edge capabilities by default. This move will benefit developers by eliminating the need for them to explicitly command the app to engage these features. Additionally, developers will...

Bitwarden strengthens passwordless authentication with magic links API

Credential management firm Bitwarden has announced an enhancement to its Passwordless.dev platform with the release of a magic links API.

Bitwarden’s latest offering empowers developers to seamlessly integrate passwordless authentication into their applications, providing a more secure and user-friendly experience for end-users.

The magic links API enables developers to send unique one-time-use links via email, allowing users to securely access their accounts or easily...

PyPI suspends registrations amid malware attack

The Python Package Index (PyPI) has suspended new project creation and user registration to mitigate an ongoing malware upload campaign. This move comes as security researchers at Checkmarx uncovered a campaign involving multiple malicious packages related to the same threat actors.

The attackers are targeting victims through typosquatting attacks, tricking users into installing malicious Python packages through their command-line interface. This multi-stage attack aims to steal...

GitHub’s code scanning autofix enters public beta

GitHub has announced that its code scanning autofix feature, powered by GitHub Copilot and CodeQL, is now available in public beta for all GitHub Advanced Security customers.

The autofix tool aims to remediate over two-thirds of vulnerabilities found during code scanning with minimal editing required by developers.

"Our vision for application security is an environment where found means fixed," said GitHub in a blog post. "By prioritising the developer experience in...

NVIDIA employs GenAI for rapid software vulnerability detection

NVIDIA has demonstrated how its generative AI technologies can help to quickly identify and mitigate common vulnerabilities and exposures (CVEs) and other software security risks.

The NVIDIA NIM and NeMo Retriever microservices – along with the Morpheus accelerated AI framework – enable security analysts to detect and mitigate risks in a matter of seconds, a task that previously took hours or even days using traditional methods.

Traditional cybersecurity methods...

Google paid $10M to bug hunters in 2023

Google has revealed that it paid out $10 million to over 600 bug hunters from 68 countries in 2023.

Throughout the year, Google's bug hunter community played a pivotal role in identifying and addressing thousands of vulnerabilities across various Google platforms. The company's dedication to incentivising researchers saw the introduction of several new programs and improvements to existing ones.

Among the notable developments was the launch of the Bonus Awards program,...

GitHub enables secret scanning push protection by default

In response to the alarming trend of API keys, tokens, and other confidential data being inadvertently exposed, GitHub has taken further steps to fortify its platform against potential breaches.

Within the first two months of 2024, GitHub has uncovered one million leaked secrets across public repositories, averaging over a dozen incidents per minute. Such alarming figures underscore the pressing need for robust safeguards to protect users and their data.

Since August...