Category: Software Security


Software Security

Hackers publish MSI private keys, enabling signed malware

May 8, 2023

Via: TechSpot

Security researchers have confirmed that private keys for MSI products and Intel Boot Guard are loose in the wild. Hackers could use the keys to sign malware under the guise of official MSI firmware. Intel Boot Guard is a critical […]


Software Security

Microsoft adopts Rust to boost Windows security and performance

April 28, 2023

Via: TechSpot

Although Rust is still a relatively recent programming language, Microsoft has already embraced the technology as one of the most promising upgrades for Windows core programming. Redmond’s software engineers have been diligently rewriting crucial parts of the operating system in […]


Software Security

Infamous ransomware gang is now trying to target Mac users

April 20, 2023

Via: BGR

It’s no secret that malware tends to be more of a significant issue for PC users than Mac users. And while Apple’s advertising materials might suggest otherwise, this isn’t due to the fact that Macs are impervious to malware and […]


Software Security

Google launches dependency API and curated package repository with security metadata

April 12, 2023

Via: InfoWorld

This week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open […]


Software Security

Microsoft’s Security Copilot brings AI to security, and it’s making me nervous

March 28, 2023

Via: BGR

Microsoft is bringing AI to security, and suddenly Skynet doesn’t seem so farfetched. In a blog post, the company announced Security Copilot, a new tool that is purpose-built for security professionals. Microsoft says that this is the “first security product […]


Software Category, Software Security

Spotify’s new Niche Mixes are tailor-made for me

March 28, 2023

Via: BGR

One of the many reasons that Spotify has always been my music streaming app of choice is the strength of its personalized recommendations. I’m always on the hunt for new music, and having spent years contributing to the algorithm, Spotify […]


Software Security

Article: Accelerating the Secure Software Delivery Lifecycle with GitOps

March 27, 2023

Via: InfoQ

More than ever, businesses must be able to respond faster to intense competitive pressure, increase operational efficiency, and adapt to constant disruption. One key to accomplishing this is enabling shorter and shorter software delivery lifecycles – that don’t sacrifice reliability, […]


Software Security

Still using authenticators for MFA? Software for sale can hack you anyway

March 14, 2023

Via: Ars Technica

Microsoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication. The phishing kit is […]


Software Security

Top 10 open source software risks for 2023

March 1, 2023

Via: InfoWorld

Known vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to […]


iOS, Operating systems, Software Security

Apple quietly fixed a serious iPhone security exploit in iOS 16.3.1

February 21, 2023

Via: BGR

Last week, Apple released iOS 16.3.1 to all users. While this version brought several features and bug fixes, Twitter user Aaron discovered that Apple recently updated the security notes for this release as well as iOS 16.3. According to the […]


Software Security

GitHub Copilot update includes security vulnerability filtering

February 15, 2023

Via: InfoWorld

GitHub Copilot, the controversial tool that provides AI-assisted coding to developers, has been enhanced with algorithms to improve the quality and security of its coding suggestions. Enhancements unveiled February 14 include an update to the underlying OpenAI Codex AI model […]


Software Security

Ransomware attacks are ongoing: a recap of major recent incidents, including this week’s hit on The Guardian

December 21, 2022

Via: TechSpot

The Guardian reported on Wednesday that it suffered a “significant IT incident,” which is suspected to be a ransomware attack. The publication hasn’t revealed the details of the breach, but it appears to have mainly affected internal systems not visible […]


Software Security

Android security defeated with stolen Platform certificates

December 5, 2022

Via: TechSpot

Facepalm: Like any other modern operating system, Android’s design employs a “privilege” based model. Such a model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow. An undefined number of Platform digital certificates […]


Software Security

API Security: From Defense-in-Depth (DiD) To Zero Trust

December 1, 2022

Via: InfoQ

From the survey, we could see that nearly all companies have experienced API security incidents. However, only 11% of companies have an API security policy that includes dedicated API testing and protection. So, what kinds of protection should a company […]


Software Security

Is TikTok a National Security Threat? FBI Says App Could Weaponize Collected User Data

November 16, 2022

Via: Tech Times

TikTok could be a national security threat, as claimed by FBI Director Christopher Wray. He shared his concerns regarding the social media platform during the House Homeland Security Committee hearing on Tuesday, Nov. 15. The conference’s discussions focused on worldwide […]


Software Security

Half of all macOS malware comes from this one app

November 15, 2022

Via: BGR

According to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts […]


Software Security

OpenSSL Hit by Two High Severity Vulnerabilities, Recently Patched

November 3, 2022

Via: InfoQ

Introduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification. Both CVE-2022-3786 and CVE-2022-3602 describe two buffer overflow […]


Software Security

OpenSSL warns of critical security vulnerability with upcoming patch

October 27, 2022

Via: ZDNet

Everyone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down […]


Software Security

It’s time to prioritize SaaS security

October 21, 2022

Via: InfoWorld

We’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud […]


Software Security

Successfully Integrating Dynamic Security Testing into Your CI/CD Pipeline

October 21, 2022

Via: InfoQ

Have you ever put a DAST (Dynamic Application Security Testing) in your CI/CD pipeline, turned it on, and suddenly your pipeline processes jump from taking minutes to hours? Are you suddenly finding thousands of issues that are completely unreasonable for […]