#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Secure software | Breaking Cybersecurity News | The Hacker News

Category — Secure software
What is DevSecOps and Why is it Essential for Secure Software Delivery?

What is DevSecOps and Why is it Essential for Secure Software Delivery?

Jun 17, 2024 DevOps / Software Security
Traditional application security practices are not effective in the modern DevOps world. When security scans are run only at the end of the software delivery lifecycle (either right before or after a service is deployed), the ensuing process of compiling and fixing vulnerabilities creates massive overhead for developers. The overhead that degrades velocity and puts production deadlines at risk. Regulatory pressure to ensure the integrity of all software components is also ramping up dramatically. Applications are built with an increasing number of open source software (OSS) components and other 3rd party artifacts, each of which can introduce new vulnerabilities to the application. Attackers seek to exploit these components' vulnerabilities, which also puts the software's consumers at risk. Software represents the largest under-addressed attack surface that organizations face. Some interesting statistics to digest: More than 80% of software vulnerabilities are introduced through o
Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

Developer Alert: NPM Packages for Node.js Hiding Dangerous TurkoRat Malware

May 19, 2023 DevOpsSec / Supply Chain
Two malicious packages discovered in the npm package repository have been found to conceal an open source information stealer malware called  TurkoRat . The packages – named nodejs-encrypt-agent and nodejs-cookie-proxy-agent – were collectively downloaded approximately 1,200 times and were available for more than two months before they were identified and taken down. ReversingLabs, which broke down the details of the campaign, described TurkoRat as an information stealer capable of harvesting sensitive information such as login credentials, website cookies, and data from cryptocurrency wallets.  While nodejs-encrypt-agent came fitted with the malware inside, nodejs-cookie-proxy-agent was found to disguise the trojan as a dependency under the name axios-proxy. nodejs-encrypt-agent was also engineered to masquerade as another legitimate npm module known as  agent-base , which has been downloaded over 25 million times to date. The list of the rogue packages and their associated vers
SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

SANS Institute Unveils Critical Infrastructure Strategy Guide for 2024: A Call to Action for Securing ICS/OT Environments

Aug 30, 2024ICS Security / OT Security
A comprehensive guide authored by Dean Parsons, SANS Certified Instructor and CEO / Principal Consultant of ICS Defense Force, emphasizes the growing need for specialized ICS security measures in the face of rising cyber threats. With a staggering 50% increase in ransomware attacks targeting industrial control systems (ICS) in 2023, the SANS Institute is taking decisive action by announcing the release of its essential new strategy guide, " ICS Is the Business: Why Securing ICS/OT Environments Is Business-Critical in 2024 ." Authored by Dean Parsons, CEO of ICS Defense Force and a SANS Certified Instructor, this guide offers a comprehensive analysis of the rapidly evolving threat landscape and provides critical steps that organizations must take to safeguard their operations and ensure public safety. As cyber threats grow in both frequency and sophistication, this guide is an indispensable resource for securing the vital systems that underpin our world. Key Insights from t
Want More Secure Software? Start Recognizing Security-Skilled Developers

Want More Secure Software? Start Recognizing Security-Skilled Developers

Oct 05, 2022
Professional developers want to do the right thing, but in terms of security, they are rarely set up for success. Organizations must support their upskilling with precision training and incentives if they want secure software from the ground up. The cyber threat landscape grows more complex by the day, with our data widely considered highly desirable "digital gold". Attackers are constantly scanning networks for vulnerable applications, programs, cloud instances, and the latest flavor of the month is APIs, with Gartner  correctly predicting  that they would become the most common attack vector in 2022, and that is in no small part thanks to their often lax security controls.  Threat actors are so persistent that new apps can sometimes be compromised and exploited within hours of deployment. The  Verizon 2022 Data Breach Investigations Report  reveals that errors and misconfigurations were the cause of 13% of breaches, with the human element responsible overall for 82% of the 23,000
cyber security

Infostealers: How Attackers Are Stealing Your Cookies and Bypassing MFA

websitePush SecuritySaaS Security / Offensive Security
Join our webinar for a live demo of infostealer tools, showcasing session cookie theft and session hijacking to compromise MFA-protected M365 accounts and downstream SaaS apps.
Expert Insights
Cybersecurity Resources