Social engineering takeover attacks are on the rise
Thursday, April 18, 2024 by Brittany Hainzinger
OpenSSF and the OpenJS Foundation (home to JavaScript projects used by billions of websites worldwide) are alerting open-source project maintainers of social engineering takeover attacks, following new attack attempts they’ve witnessed similar to the XZ Utils incident.
The OpenJS Cross Project Council received suspicious emails, imploring OpenJS to update one o...
AI cybersecurity impacts according to NetLib Security
Monday, December 18, 2023 by Richard Harris
This is an easy call to make: NetLib Security predicts that Artificial Intelligence - Generative AI - will continue to heavily impact the world of cybersecurity, upping the game for defensive players, while giving cybercriminals more tools on the offensive side.
2023 was a year in which AI seemed suddenly to be everywhere. Although AI is not a new field, ChatGPT and ...
PCI DSS JavaScript compliance tool free from Jscrambler
Thursday, June 29, 2023 by Brittany Hainzinger
Jscrambler announced the launch and immediate availability of its free PCI DSS JavaScript Compliance Tool to ensure granular and flexible capacity to meet the stringent new requirements introduced by version 4.0 of the Payment Card Industry Data Security Standards (PCI DSS v4.0). This free assessment tool provides organizations of all sizes with clarity and si...
Oxeye discovers vulnerability in HashiCorp Vault Project
Tuesday, April 25, 2023 by Freeman Lightner
Oxeye announced the discovery of a new vulnerability in the HashiCorp Vault Project that has now been patched. HashiCorp Vault is a popular identity-based secret and encryption management system used to control access to API encryption keys, passwords, and certificates. The vulnerability was automatically discovered and reported by the Oxeye Platform during a deployment...
Protecting source code
Wednesday, October 6, 2021 by Nigel Thorpe
Earlier this year, EA (Electronic Arts), reported a cyberattack and the theft of some 780GB of source code for games such as FIFA 21 and the proprietary Frostbite game engine used for many other high-profile games such as Battlefield. The threat actors responsible for the EA data breach put the stolen data up for sale on an underground hacking forum for $28 million, pro...
DevSecOps will go mainstream this year
Tuesday, January 26, 2021 by Richard Harris
Cybercriminals love Shadow Code exploits because hacking a commonly used library or service can place the malicious code on hundreds or thousands of websites. For example, the widely used jQuery JavaScript library has been breached multiple times, leading to digital skimming attacks broadly across the e-commerce sector. Adding jQuery to an application without ...
Fortnite for Android is a trailblazing risk for mobile banking
Tuesday, August 14, 2018 by Sam Bakken
CEO Tim Sweeny of Epic Games, the publisher of the wildly popular Fortnite game, is on a mission to “advance the openness of all platforms” - not to mention side-step Google’s 30% take of developer proceeds - by distributing Fortnite for the Android platform via their website rather than the Google Play store. I applaud a maverick challenging the statu...
Avoid mobile cybersecurity threats by checking the source
Thursday, July 5, 2018 by Sam Bakken
Earlier this month IT news organizations around the globe reported that Epic Games’ popular Fortnite game was being counterfeited and malicious actors were, in fact, lacing the imposter apps with malware.
We’re only human, and people unwittingly let their guard down in anticipation of something they're passionate about, or when they think they might b...
ZipperDown vulnerability puts thousands of iOS apps at risk
Tuesday, May 22, 2018 by Christian Hargrave
ZipperDown vulnerability has put at risk potentially thousands of iOS apps on the market. Pangu Lab recently found that a vulnerability previously discovered in OAuth security is now being exploited by hackers to run malicious code on iOS applications. Casey Ellis, CTO of Bugcrowd, recently spoke on the matter, giving an in-depth technical overview of ZipperDown to deve...
Think Your Mobile App is Hack Proof Think Again
Tuesday, September 20, 2016 by Sam Rehman
In today’s mobile app economy, time to market and quality are critical to stay competitive. Developers race against the clock to create amazing apps, and considerable time is spent to test it again and again; agile and automation plays a big part into this. The goal is a release that is user friendly and resilient as defect-free as possible, offering a product that deep...
New XcodeGhost Malware Variation Discovered By Symantec
Wednesday, November 4, 2015 by Richard Harris
A new XcodeGhost malware variant has been discovered by the security team at Symantec. It was found in apps created with unofficial downloads of Xcode, which are hosted regionally, and can be attractive to developers because of the faster download speeds available when compared to the official version (due to the large file-size of Xcode).When these unverified versions ...
Your App is Compromised Thanks to Your Friendly Neighborhood App Hacker
Monday, August 4, 2014 by Stuart Parkerson
The advent of smart devices introduced a brave new world of opportunities for developers who hopped on the train and created mobile apps for iOS, Android and the other app markets. It was and is a great opportunity for developers. Of course humans being human, where an opportunity to make money exists, the more nefarious want to get their hands in the pot. And so, ...
App Developers: How to Protect Your Apps From Being Hacked in 2014
Wednesday, January 15, 2014 by Alan Kahn
With 2013 behind us we are left with the memory of a massive increase and change in cyber criminal behavior, as well as some foresight into 2014 and the things developers can do to protect applications from hacking.
As the Internet of Things (IoT) creates more situations where our daily lives, our governments, our utilities, our homes, and our businesses can be manag...
