Collecting Cyber-News from over 60 sources

Tag: programming

CISOs should stop freaking out about attackers getting a boost from LLMs

Dec 18, 2024 8:43 AM

by

Andy Stern

in SecurityNews

Tags: ai, attack, automation, ciso, cyber, cybercrime, cybersecurity, defense, disinformation, exploit, hacker, hacking, infrastructure, LLM, malware, network, offense, penetration-testing, phishing, programming, ransomware, risk, social-engineering, startup, technology, threat, tool, vulnerability, warfare

A common refrain from cybersecurity professionals in recent years has been the need for a diversification of the CISO role to meet the demands of increased responsibility across numerous categories. In the past year, this refrain has grown louder, specifically around the topic of generative AI.Large language models (LLMs) have added a new dimension to…
How to Assess Virtual Machines Prior to Deployment with Spectra Assure

Dec 17, 2024 10:42 PM

by

Andy Stern

in SecurityNews

Tags: cloud, cyberattack, data, data-breach, finance, malware, programming, risk, software, vulnerability
Data Governance in DevOps: Ensuring Compliance in the AI Era

Dec 16, 2024 12:42 PM

by

Andy Stern

in SecurityNews

Tags: ai, compliance, data, governance, intelligence, programming, software

With the evolution of modern software development, CI/CD pipeline governance has emerged as a critical factor in maintaining both agility and compliance. As we enter the age of artificial intelligence (AI), the importance of robust pipeline governance has only intensified. With that said, we’ll explore the concept of CI/CD pipeline governance and why it’s vital,…
Security leaders top 10 takeaways for 2024

Dec 16, 2024 8:42 AM

by

Andy Stern

in SecurityNews

Tags: access, ai, attack, automation, best-practice, breach, business, ciso, cloud, compliance, corporate, crowdstrike, cybercrime, cybersecurity, data, deep-fake, detection, email, finance, fraud, governance, group, guide, hacker, identity, incident response, infosec, ISO-27001, office, okta, phishing, privacy, programming, regulation, risk, risk-management, saas, security-incident, service, software, startup, strategy, technology, threat, tool, training, vulnerability

This year has been challenging for CISOs, with a growing burden of responsibility, the push to make cybersecurity a business enabler, the threat of legal liability for security incidents, and an expanding attack landscape.As the year comes to a close, CISOs reflect on some of the takeaways that have shaped the security landscape in 2024.…
Microsoft Windows ‘Best Fit’ character conversion ‘ripe for exploitation’

Dec 12, 2024 9:05 PM

by

Andy Stern

in SecurityNews

Tags: api, application-security, attack, cve, exploit, flaw, injection, malicious, microsoft, mitigation, office, programming, software, switch, technology, tool, vulnerability, windows

Security researchers have outlined a novel attack vector that exploits the “Best Fit” character conversion technology built into Windows.The technology comes into play in string conversions, particularly when characters cannot be directly represented in a target character set.However, application security experts Orange Tsai and Splitline Huang from Taiwanese firm DEVCORE used a presentation at Black…
Top November Attacks – Contrast ADR Attack Data – Contrast Security

Dec 12, 2024 1:05 PM

by

Andy Stern

in SecurityNews

Tags: api, attack, data, defense, detection, programming
Enhancing Mobile App API Security: Closing Gaps with a Robust SDK

Dec 10, 2024 2:07 PM

by

Andy Stern

in SecurityNews

Tags: api, application-security, mobile, programming, software, threat
Multiple ICS Advisories Released by CISA Detailing Exploits Vulnerabilities

Dec 6, 2024 8:48 AM

by

Andy Stern

in SecurityNews

Tags: cisa, control, cyber, cybersecurity, exploit, infrastructure, programming, risk, software, switch, technology, vulnerability

The Cybersecurity and Infrastructure Security Agency (CISA) has released two advisories highlighting significant security vulnerabilities in Industrial Control Systems (ICS) software and hardware. These vulnerabilities, identified in AutomationDirect’s C-More EA9 Programming Software and Planet Technology’s industrial switch WGS-804HPT, could pose serious risks to critical infrastructure if exploited by attackers. AutomationDirect C-More EA9 Programming Software The…
Securing cloud-native applications: Why a comprehensive API security strategy is essential

Dec 6, 2024 12:49 AM

by

Andy Stern

in SecurityNews

Tags: access, ai, api, attack, authentication, automation, best-practice, breach, business, cloud, compliance, control, data, data-breach, ddos, detection, exploit, finance, firewall, gartner, guide, infrastructure, intelligence, malicious, microsoft, monitoring, open-source, programming, risk, risk-management, saas, service, strategy, threat, tool, unauthorized, vulnerability, waf

Despite their capabilities and benefits, cloud-native applications also present several security challenges. Application programming interfaces (APIs) are among the top areas of risk for these applications. This isn’t surprising. As organizations look to enhance connections between digital services and increase data sharing between modern applications and systems, APIs are proliferating rapidly across hybrid and multicloud…
Solana SDK backdoored to steal secrets, private keys

Dec 5, 2024 1:48 PM

by

Andy Stern

in SecurityNews

Tags: access, api, attack, backdoor, blockchain, ceo, cloud, credentials, crypto, data, malicious, phishing, programming, risk, software, supply-chain, unauthorized, update

The JavaScript-based software development kit (SDK) that allows developers to interact with the Solana Blockchain has suffered a supply chain attack aimed at crypto theft.Solana Web3.js library, which provides APIs for sending transactions, managing accounts, querying blockchain data, and interacting with smart contracts, was backdoored to retrieve private keys.The attack was first reported by Anza,…
Solana SDK backdoored for stealing secrets, private keys

Dec 5, 2024 12:48 PM

by

Andy Stern

in SecurityNews

Tags: access, api, attack, backdoor, blockchain, ceo, cloud, credentials, crypto, data, malicious, phishing, programming, risk, software, supply-chain, unauthorized, update

The JavaScript-based software development kit (SDK) that allows developers to interact with the Solana Blockchain has suffered a supply chain attack aimed at crypto theft.Solana Web3.js library, which provides APIs for sending transactions, managing accounts, querying blockchain data, and interacting with smart contracts, was backdoored to retrieve private keys.The attack was first reported by Anza,…
Secrets Scanning: How It Works and Why It’s Important

Dec 5, 2024 6:48 AM

by

Andy Stern

in SecurityNews

Tags: api, best-practice, breach, password, programming, software
API Key Security Best Practices: Secure Sensitive Data

Dec 5, 2024 6:48 AM

by

Andy Stern

in SecurityNews

Tags: access, api, best-practice, breach, data, programming, risk, service, unauthorized
Why Robust API Security is a Must for Your Business

Dec 5, 2024 5:48 AM

by

Andy Stern

in SecurityNews

Tags: api, business, cybersecurity, data, programming, software

How Does API Security Influence Cybersecurity? As a seasoned data management expert and cybersecurity specialist, I’ve witnessed firsthand the significant impact API security can have on an organization’s overall cybersecurity posture. But why is API security so integral? Let’s delve into that. Application Programming Interfaces (APIs) are the connective tissue of modern software development, bridging……
How Python Software Development Enhances Cyber Defense

Nov 29, 2024 5:28 PM

by

Andy Stern

in SecurityNews

Tags: cyber, cybercrime, cybersecurity, defense, programming, software, threat, tool

Python has emerged as a powerful ally in combating rising cybersecurity threats and tracking cybercrime through tools leveraging… First seen on hackread.com Jump to article: hackread.com/python-software-development-enhances-cyber-defense/
Popular game script spoofed to infect thousands of game developers

Nov 29, 2024 1:28 PM

by

Andy Stern

in SecurityNews

Tags: android, antivirus, attack, crypto, github, linux, macOS, malicious, malware, network, open-source, programming, service, software, tactics, vulnerability, windows

A malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines.Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
The Elephant in AppSec Talks Highlight: Shifting Left Doesn’t Mean Anything Anymore

Nov 26, 2024 11:12 PM

by

Andy Stern

in SecurityNews

Tags: application-security, conference, programming, software

Discover key highlights from Tanya Janca’s talk at The Elephant in AppSec Conference on shifting security to be present throughout the entire Software Development Lifecycle. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/the-elephant-in-appsec-talks-highlight-shifting-left-doesnt-mean-anything-anymore/
Starbucks operations hit after ransomware attack on supply chain software vendor

Nov 26, 2024 11:12 AM

by

Andy Stern

in SecurityNews

Tags: ai, attack, ceo, control, crowdstrike, cybersecurity, hacker, monitoring, open-source, privacy, programming, radius, ransomware, risk, risk-assessment, service, software, supply-chain, tool, vulnerability

Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company’s ability to process employee schedules and payroll, according to Reuters.Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack.”Blue Yonder experienced disruptions to…
API (In)security: The Hidden Risk of Black Friday

Nov 21, 2024 4:57 PM

by

Andy Stern

in SecurityNews

Tags: access, api, application-security, attack, authentication, best-practice, breach, compliance, control, corporate, credentials, cyberattack, cybercrime, cybersecurity, data, data-breach, defense, detection, encryption, endpoint, exploit, finance, firewall, fraud, governance, infrastructure, injection, least-privilege, malicious, mobile, monitoring, penetration-testing, programming, risk, security-incident, service, sql, theft, threat, tool, unauthorized, vulnerability

Black Friday may be the pinnacle of the holiday shopping season, a day when online retailers experience unprecedented traffic and revenue opportunities as consumers kick off the Christmas season. For many retailers, it’s a make-or-break event. Yet, with increased traffic comes increased risk, particularly as it relates to cybersecurity and keeping shoppers safe from fraud…
Securing the Software Supply Chain: Checkmarx One Expands its Offerings

Nov 20, 2024 8:53 PM

by

Andy Stern

in SecurityNews

Tags: ai, container, detection, exploit, programming, software, strategy, supply-chain, threat, tool

The software supply chain is under siege. Threat actors increasingly exploit weaknesses in code repositories, dependencies and mismanaged secrets to infiltrate and disrupt software development processes. In response, organizations are turning to robust strategies to safeguard their supply chains, including tools like SCA scanning, AI and container security, secrets detection and repository health monitoring. Checkmarx’s..…
Overreliance on GenAI to develop software compromises security

Nov 20, 2024 5:53 AM

by

Andy Stern

in SecurityNews

Tags: ai, programming, software

GenAI is quickly changing the software development process by automating tasks that once took developers hours, if not days, to complete, bolstering efficiency and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/genai-software-development-process-security/
Why shift left alone isn’t enough to manage software risk

Nov 19, 2024 3:53 PM

by

Andy Stern

in SecurityNews

Tags: application-security, programming, risk, software, strategy
Unlocking the Power and Potential of GenAI in Software Development

Nov 19, 2024 12:53 PM

by

Andy Stern

in SecurityNews

Tags: ai, governance, programming, software, tool
Our commitment to you and an update on severity ratings for software quality

Nov 13, 2024 7:53 PM

by

Andy Stern

in SecurityNews

Tags: programming, software, update

The speed of software development and product delivery is increasing for organizations everywhere including here at Sonar. In this blog, we decided to put our guiding engineering principles in writing and share them with you. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/our-commitment-to-you-and-an-update-on-severity-ratings-for-software-quality/
PlatformEngineering.com: Strengthening Security in the Software Development Lifecycle

Nov 13, 2024 6:53 PM

by

Andy Stern

in SecurityNews

Tags: group, programming, software

The Techstrong Group is thrilled to announce the launch of PlatformEngineering.com, a new platform dedicated to advancing the platform engineering discipline. This addition to the Techstrong family”, including Security Boulevard”, promises to be a critical resource for organizations seeking to enhance their software delivery pipelines while ensuring robust security measures. The Intersection of Platform Engineering…
Transforming Security: How SAST Enhances Your Secure Code Review Process?

Nov 12, 2024 8:04 PM

by

Andy Stern

in SecurityNews

Tags: application-security, detection, programming, software, threat, vulnerability

Secure coding has become a critical aspect of software development, and the need for effective security testing is at an all-time high. Vulnerabilities in code can expose applications to serious threats, making early detection vital for maintaining security and performance. One powerful approach to achieving this is by implementing Static Application Security Testing (SAST) within……
Shifting Left for Proactive IT Security and ITSM

Nov 7, 2024 7:05 PM

by

Andy Stern

in SecurityNews

Tags: compliance, programming, service, software, threat
How to Improve the Security of AI-Assisted Software Development

Oct 30, 2024 11:55 AM

by

Andy Stern

in SecurityNews

Tags: ai, ciso, programming, software

CISOs need an AI visibility and KPI plan that supports a just right balance to enable optimal security and productivity outcomes. The post How to Impr… First seen on securityweek.com Jump to article: www.securityweek.com/how-to-improve-the-security-of-ai-assisted-software-development/
We are joining forces with Google Cloud to accelerate AI and software development with privacy-first data solutions on Google Cloud Marketplace

Oct 29, 2024 11:56 PM

by

Andy Stern

in SecurityNews

Tags: ai, cloud, data, google, marketplace, privacy, programming, software

First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/we-are-joining-forces-with-google-cloud-to-accelerate-ai-and-software-development-with-privacy-first-data-solutions-on-google-cloud-marketplace/
Guest Essay: API security-related exposures rose steeply across all industries in Q3 2024

Oct 29, 2024 5:56 PM

by

Andy Stern

in SecurityNews

Tags: api, programming

Application Programming Interfaces (APIs) have become the backbone of modern enterprises, facilitating seamless communication between both internal sy… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/10/guest-essay-api-security-related-exposures-rose-steeply-across-all-industries-in-q3-2024/