GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws

March 21, 2024 at 07:42AM GitHub announced the availability of a new feature called code scanning autofix for Advanced Security customers. It leverages CodeQL, Copilot, and OpenAI GPT-4 to provide code suggestions to fix vulnerabilities in JavaScript, TypeScript, Java, and Python. The feature aims to assist developers by generating potential fixes and explanations in natural … Read more

Saudi Arabia’s National Cybersecurity Authority Announces the GCF Annual Meeting 2024

March 18, 2024 at 04:35PM

AI-Generated Patches Could Ease Developer, Operations Workload

February 21, 2024 at 01:40AM Large language models (LLMs) show potential in speeding up software development by detecting and addressing common bugs. Google’s Gemini LLM can fix 15% of bugs found using dynamic application security testing (DAST), helping prioritize vulnerabilities often overlooked by developers. AI-powered bug-fixing systems are crucial as machine learning models produce more … Read more

Patch Now: Critical TeamCity Bug Allows for Server Takeovers

February 7, 2024 at 01:33PM JetBrains has issued a security patch for a critical vulnerability in its TeamCity On-Premises server, which could be exploited by remote attackers to gain control over the server. This impacts all versions from 2017.1 to 2023.11.2. Users are urged to update to the patched version or install a security patch … Read more

Post-Quantum Cryptography Alliance Launches to Advance Post-Quantum Cryptography

February 6, 2024 at 05:32PM The Linux Foundation launches the Post-Quantum Cryptography Alliance (PQCA) to advance post-quantum cryptography and address security challenges posed by quantum computing. Supported by industry leaders, the PQCA seeks to develop high-assurance software implementations and support the adoption of post-quantum algorithms. The initiative encourages participation and collaboration. More info at PQCA … Read more

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

January 31, 2024 at 01:24AM A new security flaw in the GNU C library (glibc) allows local attackers to gain full root access on Linux machines. Tracked as CVE-2023-6246, the vulnerability impacts major Linux distributions and could be exploited to obtain elevated permissions through specially crafted inputs. Further analysis uncovered additional flaws in glibc, emphasizing … Read more

Wait, security courses aren’t a requirement to graduate with a computer science degree?

January 26, 2024 at 04:35PM CISA urges software developers to prioritize secure coding. Many top US computer science schools don’t require cybersecurity courses, hindering workforce readiness. While engineering may naturally address secure coding, the lack of security education in computer science curricula poses a significant problem. CISA calls for industry demand to prompt necessary changes … Read more

Microsoft: Multiple Perforce Server Flaws Allow for Network Takeover

December 19, 2023 at 01:20PM Microsoft identified four critical vulnerabilities in the Perforce source-code management platform, allowing attackers to access a highly privileged Windows OS account, enabling remote code execution and supply chain attacks. The flaws can lead to various malicious activities, including denial-of-service attacks. Perforce has issued a patch (version 2023.1/2513900) to address these … Read more

US Government Issues Guidance on SBOM Consumption

November 10, 2023 at 07:00AM The US cybersecurity agency CISA, the NSA, and the ODNI have issued new guidance to help software vendors secure the software supply chain. The guidance focuses on assessing security measures throughout the software lifecycle, managing open source software and software bills of materials, and making recommendations for different phases of … Read more

Now Russians accused of pwning JFK taxi system to sell top spots to cabbies

October 31, 2023 at 03:21PM Between September 2019 and September 2021, two Americans and two Russians allegedly hacked the taxi dispatch system at JFK Airport in New York to sell cab drivers a place in the dispatch line. The Americans have pleaded guilty while the Russians remain at large. The scheme allowed drivers to bypass … Read more