Software Security
May 8, 2023
Via: TechSpotSecurity researchers have confirmed that private keys for MSI products and Intel Boot Guard are loose in the wild. Hackers could use the keys to sign malware under the guise of official MSI firmware. Intel Boot Guard is a critical […]
April 28, 2023
Via: TechSpotAlthough Rust is still a relatively recent programming language, Microsoft has already embraced the technology as one of the most promising upgrades for Windows core programming. Redmond’s software engineers have been diligently rewriting crucial parts of the operating system in […]
April 20, 2023
Via: BGRIt’s no secret that malware tends to be more of a significant issue for PC users than Mac users. And while Apple’s advertising materials might suggest otherwise, this isn’t due to the fact that Macs are impervious to malware and […]
April 12, 2023
Via: InfoWorldThis week, Google launched a free API service that provides software developers with dependency data and security-related information on over 5 million software components across different programming languages. Today, the company also announced the general availability of its Assured Open […]
March 28, 2023
Via: BGRMicrosoft is bringing AI to security, and suddenly Skynet doesn’t seem so farfetched. In a blog post, the company announced Security Copilot, a new tool that is purpose-built for security professionals. Microsoft says that this is the “first security product […]
Software Category, Software Security
March 28, 2023
Via: BGROne of the many reasons that Spotify has always been my music streaming app of choice is the strength of its personalized recommendations. I’m always on the hunt for new music, and having spent years contributing to the algorithm, Spotify […]
March 27, 2023
Via: InfoQMore than ever, businesses must be able to respond faster to intense competitive pressure, increase operational efficiency, and adapt to constant disruption. One key to accomplishing this is enabling shorter and shorter software delivery lifecycles – that don’t sacrifice reliability, […]
March 14, 2023
Via: Ars TechnicaMicrosoft on Tuesday profiled software for sale in online forums that makes it easy for criminals to deploy phishing campaigns that successfully compromise accounts, even when they’re protected by the most common form of multi-factor authentication. The phishing kit is […]
March 1, 2023
Via: InfoWorldKnown vulnerabilities, compromise of legitimate package, and name confusion attacks are expected to be among the top ten open source software risks in 2023, according to a report by Endor Labs. The other major open source software risks, according to […]
iOS, Operating systems, Software Security
February 21, 2023
Via: BGRLast week, Apple released iOS 16.3.1 to all users. While this version brought several features and bug fixes, Twitter user Aaron discovered that Apple recently updated the security notes for this release as well as iOS 16.3. According to the […]
February 15, 2023
Via: InfoWorldGitHub Copilot, the controversial tool that provides AI-assisted coding to developers, has been enhanced with algorithms to improve the quality and security of its coding suggestions. Enhancements unveiled February 14 include an update to the underlying OpenAI Codex AI model […]
December 21, 2022
Via: TechSpotThe Guardian reported on Wednesday that it suffered a “significant IT incident,” which is suspected to be a ransomware attack. The publication hasn’t revealed the details of the breach, but it appears to have mainly affected internal systems not visible […]
December 5, 2022
Via: TechSpotFacepalm: Like any other modern operating system, Android’s design employs a “privilege” based model. Such model is enforced by digital certificates, and it can become quite troublesome when the certificates are compromised somehow. An undefined number of Platform digital certificates […]
December 1, 2022
Via: InfoQFrom the survey, we could see that nearly all companies have experienced API security incidents. However, only 11% of companies have an API security policy that includes dedicated API testing and protection. So, what kinds of protection should a company […]
November 16, 2022
Via: Tech TimesTikTok could be a national security threat, as claimed by FBI Director Christopher Wray. He shared his concerns regarding the social media platform during the House Homeland Security Committee hearing on Tuesday, Nov. 15. The conference’s discussions focused on worldwide […]
November 15, 2022
Via: BGRAccording to the 2022 Global Threat Report from Elastic Security Labs (via 9to5Mac), just 6.2% of malware ends up on macOS devices compared to 54.4% on Windows. This is not especially surprising, given how much of an emphasis Apple puts […]
November 3, 2022
Via: InfoQIntroduced in OpenSSL 3.0 in September 2021 and affecting all successive versions up to and including OpenSSL 3.0.6, the two recently patched vulnerabilities are caused by buffer overruns in X.509 certificate verification. Both CVE-2022-3786 and CVE-2022-3602 describe two buffer overflow […]
October 27, 2022
Via: ZDnetEveryone depends on OpenSSL. You may not know it, but OpenSSL is what makes it possible to use secure Transport Layer Security (TLS) on Linux, Unix, Windows, and many other operating systems. It’s also what is used to lock down […]
October 21, 2022
Via: InfoWorldWe’ve made a point of shoring up security for infrastructure-as-a-service clouds since they are so complex and have so many moving parts. Unfortunately, the many software-as-a-service systems in use for more than 20 years now have fallen down the cloud […]
October 21, 2022
Via: InfoQHave you ever put a DAST (Dynamic Application Security Testing) in your CI/CD pipeline, turned it on, and suddenly your pipeline processes jump from taking minutes to hours? Are you suddenly finding thousands of issues that are completely unreasonable for […]