developers - Tagged - Security Boulevard

Complex Supply Chain Attack Targets GitHub Developers

Jeffrey Burt — Tue, 26 Mar 2024 18:42:46 +0000

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with..

The post Complex Supply Chain Attack Targets GitHub Developers appeared first on Security Boulevard.

Application Security Trends & Challenges with Tanya Janca

Tom Eston — Mon, 04 Dec 2023 05:00:35 +0000

In this episode, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of Application Security. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep that recently acquired WeHackPurple. Tanya sheds light on her decision to partner […]

The post Application Security Trends & Challenges with Tanya Janca appeared first on Shared Security Podcast.

The post Application Security Trends & Challenges with Tanya Janca appeared first on Security Boulevard.

Unveiling BlazeStealer Malware Python Packages on PyPI

Wajahat Raja — Wed, 22 Nov 2023 09:00:14 +0000

In a recent revelation, a cluster of malicious Python packages has infiltrated the Python Package Index (PyPI), posing a significant threat to developers’ systems by aiming to pilfer sensitive information. These deceptive packages, initially appearing as innocuous obfuscation tools, conceal a potent malware named BlazeStealer. In this blog post, we’ll cover the details of BlazeStealer […]

The post Unveiling BlazeStealer Malware Python Packages on PyPI appeared first on TuxCare.

The post Unveiling BlazeStealer Malware Python Packages on PyPI appeared first on Security Boulevard.

GitHub Vulnerability Put Code Packages at Risk of Repojacking

Jeffrey Burt — Tue, 12 Sep 2023 19:24:35 +0000

A new vulnerability found in GitHub’s operations could have given bad actors another way of getting around the code hosting platform’s security protections and exposing thousands of code packages to being hijacked. A hacker could have exploited the vulnerability to run a Repojacking attack by getting around GitHub’s popular repository namespace retirement mechanism, a tool..

The post GitHub Vulnerability Put Code Packages at Risk of Repojacking appeared first on Security Boulevard.

National Cybersecurity Strategy Requires Orgs to Rethink Software Quality

Manish Gupta — Mon, 21 Aug 2023 13:00:59 +0000

Software development is a global effort, with DevOps teams often dispersed around the world. According to Statista, there will be over 27.7 million developers worldwide in 2023. That’s a lot of engineers creating millions of lines of code each day, all of which are orchestrated within an enterprise’s DevOps workflow. With large amounts of code authored..

The post National Cybersecurity Strategy Requires Orgs to Rethink Software Quality appeared first on Security Boulevard.

Augmented Software Engineering in an AI Era

Gabriel Bayo — Mon, 13 Mar 2023 17:59:27 +0000

Artificial Intelligence (AI) has been making waves in many industries, and software engineering is no exception. AI has the potential to revolutionize the way software is developed, tested, and maintained, bringing a new level of automation and efficiency to the field. However, with this transformation comes new challenges and opportunities that software engineers will need […]

The post Augmented Software Engineering in an AI Era appeared first on Blog.

The post Augmented Software Engineering in an AI Era appeared first on Security Boulevard.

Debunking Three Common Threat Modeling Myths

Kevin Delaney — Fri, 24 Feb 2023 14:00:55 +0000

The benefits of threat modeling are significant. Not only does it provide a systematic process for evaluating potential threats to an organization’s system, but it also creates a framework for informed decision-making, ensuring the best use of limited resources. Despite threat modeling existing as a proven way to mitigate risk, in 2021, we saw a..

The post Debunking Three Common Threat Modeling Myths appeared first on Security Boulevard.

LoginRadius Launches a CLI for Enterprise Dashboard

Deepak Gupta — Mon, 16 Jan 2023 00:00:00 +0000

We are happy to announce that we have launched LoginRadius CLI for enterprise dashboard.

The post LoginRadius Launches a CLI for Enterprise Dashboard appeared first on Security Boulevard.

New Contrast Learning Hub and Community Platform | Blog

Orlando Villanueva — Tue, 13 Dec 2022 13:00:00 +0000

The 2022 Forrester Research survey, “Breaches By The Numbers: Adapting To Regional Challenges Is Imperative,” found that 63% of organizations were breached in the past year. It also showed that attackers are shifting their focus from targeting vulnerable infrastructure to targeting the code within applications.

The post New Contrast Learning Hub and Community Platform | Blog appeared first on Security Boulevard.

Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out

Tom Eston — Mon, 19 Sep 2022 04:00:28 +0000

In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don’t know. Details on how brand new employees of companies are being “spearmished” (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked […]

The post Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out appeared first on The Shared Security Show.

The post Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out appeared first on Security Boulevard.