SEARCH
Archive
Malware Infects NetBeans Projects In Software Supply Chain Attack
The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.
GitHub Expands Scanning to Find Security Flaws in Code
The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.
Give IT a Break from Software Updates
Microsoft said it will pause non-security Windows updates beginning in May as part of its plan to reduce the update pressure on IT and security teams, as they are busy keeping organizations operational during the COVID-19 pandemic. Other software companies are adjusting their release schedules, recognizing that IT and security teams are currently stretched thin.
Older Bugs in Software Add to Security Debt
In the rush to fix newer vulnerabilities, the older ones are left unaddressed. The resulting security debt increases the organization's risk of a breach, Veracode warned.
FTC to Developers: Get Consent
The FTC action against a developer of "stalking" apps emphasized that installing an app that hid its presence on the device and didn't notify the user what it was doing was against the law.