open source repository | Breaking Cybersecurity News | The Hacker News

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository

Apr 16, 2020
As developers increasingly build off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages intended to compromise developers' computers or backdoor the software projects they work on. In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems — packages written in the Ruby programming language — that supply chain attackers were recently caught distributing through the RubyGems repository. The malicious campaign leveraged the typosquatting technique, where attackers upload packages under intentionally misspelled names of legitimate packages in hopes that unwitting developers will mistype the name and unintentionally install the malicious library instead. ReversingLabs said the typosquatted packages in question were uploaded to RubyGems between February 16 and February 25, and that most of them have been designed to secretly steal funds by r
Confirmed—Microsoft Buys GitHub For $7.5 Billion

Jun 04, 2018
Here's the biggest news of the week—Microsoft has reportedly acquired GitHub for $7.5 billion. For those unaware, GitHub is a popular code repository hosting service that allows developers to host their projects, documentation, and code in the cloud using the popular Git source management system, invented in 2005 by Linux founder Linus Torvalds. GitHub is used by many developers and big tech companies including Apple, Amazon, Google, Facebook, and IBM to store their corporate code and privately collaborate on software, but Microsoft is one of the top contributors to the web-hosting service. Microsoft has uploaded several of its most important projects, including PowerShell, the .NET framework, and the Microsoft Edge JavaScript engine, to the website under open source licenses. Microsoft also partnered with Canonical to bring Ubuntu to Windows 10. Citing sources familiar with the matter, Bloomberg reports that GitHub opted to sell to Microsoft in part because it was impr
6 Ways to Simplify SaaS Identity Governance

Feb 21, 2024 | SaaS Security / Identity Management
With SaaS applications now making up the vast majority of technology used by employees in most organizations, tasks related to identity governance need to happen across a myriad of individual SaaS apps. This presents a huge challenge for centralized IT teams who are ultimately held responsible for managing and securing app access, but can't possibly become experts in the nuances of the native security settings and access controls for hundreds (or thousands) of apps. And, even if they could, the sheer volume of tasks would easily bury them. Modern IT teams need a way to orchestrate and govern SaaS identity governance by engaging the application owners in the business who are most familiar with how the tool is used, and who needs what type of access. Nudge Security is a SaaS security and governance solution that can help you do just that, with automated workflows to save time and make the process manageable at scale. Read on to learn how it works. 1. Discover all SaaS apps used b
Microsoft is Shutting Down CodePlex, Asks Devs To Move To GitHub

Apr 03, 2017
Microsoft has announced that it will shut down CodePlex -- its website for hosting repositories of open-source software projects -- on December 15, 2017. Launched in 2006, CodePlex was one of Microsoft's biggest steps towards the open source community -- where any programmer, anywhere, can share the code for their software or download and tweak the code to their liking. However, Microsoft says that usage of the service has fallen dramatically and that fewer than 350 projects have seen a source code commit over the last 30 days, pointing to GitHub as the "de-facto place for open source sharing." GitHub – 'Facebook for Programmers' In a blog post published Friday, Microsoft Corporate VP Brian Harry wrote that the shutdown of CodePlex is because the open source community has almost entirely moved over to GitHub, which provides similar functionality for sharing code that people can collaborate on. "Over the years, we have seen a lot of amazing opti