August 21, 2024 at 08:08AM Developers are turning to AI programming assistants, but recent research warns about the risk of incorporating code suggestions without scrutiny, as large language models (LLMs) can be manipulated to release vulnerable code. The CodeBreaker method effectively poisons LLMs to suggest exploitable code. Developers must critically assess code suggestions and focus … Read more
July 18, 2024 at 08:21AM Join an upcoming webinar, “Turn Developers into Allies: The Power of Security Champion Programs,” to bridge the gap between developers and security. Learn about tactics to foster collaboration, effective communication, creating a culture of champions, and measuring success. The webinar features security experts from Mend.io, Yahoo, and Fortra. Register now … Read more
April 16, 2024 at 02:02PM YouTube has announced that third-party apps blocking ads during video playback violate its Terms of Service. Apps using YouTube APIs to block ads may soon be blocked from developer APIs, warning users may experience extended buffering or errors when loading videos. YouTube emphasized protecting creators’ revenue and suggests ad-free viewing … Read more
March 21, 2024 at 08:15AM GitHub introduced the public beta of code scanning autofix, leveraging Copilot and CodeQL AI tools to spot and suggest fixes for vulnerabilities in JavaScript, Typescript, Java, and Python repositories. The feature aims to expedite bug resolution and lessen unaddressed vulnerabilities, benefitting both developers and security teams. It is now in … Read more
November 7, 2023 at 07:00AM Secure-by-design is becoming a regulatory requirement for critical infrastructure, as outlined in the March 2023 National Cybersecurity Strategy. The concept is important to the federal government, and it is expected to be enforced through an Executive Order. However, there is currently no universally agreed-upon definition or way to measure secure-by-design. … Read more
November 6, 2023 at 03:05AM APIs are increasingly prevalent in today’s Internet-connected world, enabling devices and applications to exchange information and improve user experiences. However, as API usage increases, security implications arise. Attackers are becoming more sophisticated in targeting payment APIs, with traditional protection techniques proving ineffective. With the holiday season approaching, e-commerce platforms face … Read more
October 12, 2023 at 10:34AM Curl 8.4.0 has been released to address a high-severity security vulnerability (CVE-2023-38546), which caused concerns about its impact. The release includes fixes for two vulnerabilities: a high-severity heap buffer overflow bug and a low-severity cookie injection flaw. The exploit for the heap buffer overflow bug requires specific configurations and timing, … Read more
October 11, 2023 at 02:46PM Microsoft Defender for Endpoint now has a new feature called ‘contain user’ in public preview that helps prevent lateral movement in hands-on-keyboard attacks. It isolates compromised user accounts to disrupt attacks and prevent malicious actions such as credential theft and data exfiltration. The feature has been effective in protecting thousands … Read more