software development Archives - Cyber Security Minute

Critical vulnerability in Spotify’s Backstage discovered, patched

Issued by: Help Net Security

A critical unauthenticated remote code execution vulnerability in Spotify’s Backstage project has been found and fixed, and developers are advised to take immediate action in their environments. What is Backstage? Having more than 19,000 stars on Github, Backstage is one of the most popular open-source platforms for building developer portals and is in widespread use…

Network Security

Delivering on the Promise of 5G Requires New Security Standards

Issued by: Security Week

5G has the potential to deliver incredible innovations — from smart cities to self-driving cars to advances in healthcare, manufacturing, and other key verticals. While 5G improves upon previous generations’ cybersecurity vulnerabilities, it also brings new risks: 5G is software-defined. The increased role of software in 5G makes it more susceptible to dynamic, software-based attacks…

Software Security

Retail and hospitality sector fixing software flaws at a faster rate than others

Issued by: Help Net Security

The retail and hospitality sector is fixing software flaws at a faster rate than five other sectors, a Veracode analysis of more than 130,000 applications reveals. The ability to find and fix potential security defects quickly is a necessity, particularly in an industry that requires rapid response to changing customer demands. Retail and hospitality also…

Software Security

Face recognition software making progress at recognizing masked faces

Issued by: Help Net Security

A study of face recognition technology created after the onset of the COVID-19 pandemic shows that some software developers have made demonstrable progress at recognizing masked faces. The findings, produced by NIST, measure the performance of face recognition algorithms developed following the arrival of the pandemic. A previous report from July explored the effect of…

Application Security

The state of application security: What the statistics tell us

Issued by: CSO

The emergence of the DevOps culture over the past several years has fundamentally changed software development, allowing companies to push code faster and to automatically scale the infrastructure needed to support new features and innovations. The increased push toward DevSecOps, which bakes security into the development and operations pipelines, is now changing the state of…

Malware & Threats

New software enables existing sensors to detect ransomware

Issued by: Help Net Security

Engineers from SMU’s Darwin Deason Institute for Cybersecurity have developed software to detect ransomware attacks before attackers can inflict catastrophic damage. Ransomware is crippling cities and businesses all over the world, and the number of ransomware attacks have increased since the start of the coronavirus pandemic. Attackers are also threatening to publicly release sensitive data…

Software Security, Vulnerabilities

What is a buffer overflow? And how hackers exploit these vulnerabilities

Issued by: CSO

Buffer overflow definition A buffer overflow or overrun is a memory safety issue where a program does not properly check the boundaries of an allocated fixed-length memory buffer and writes more data than it can hold. This causes data to overflow to adjacent memory space, overwriting the information there, which often leads to crashes and…

Vulnerabilities

1 in 10 open source components downloaded in 2018 had a known security vulnerability

Issued by: Help Net Security

This year’s Sonatype report reveals the best practices exhibited by exemplary open source software projects and commercial application development teams. As in years past, it also examines the rapidly expanding supply and continued exponential growth in consumption of open source components. For the fifth anniversary report, Sonatype collaborated with Gene Kim from IT Revolution, and…

Vulnerabilities

Growing reliance on open source libraries leaves many companies vulnerable

Issued by: Help Net Security

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks. Cybercriminals use trust attacks to maliciously manipulate and insert code into open…

Mobile Security

How secure are mobile banking apps?

Issued by: Help Net Security

Do banking institutions have a good handle on the things they need to remediate and new control layers they need to adopt to keep users secure? To answer those questions, Accenture and NowSecure have performed vulnerability assessments of customer-facing mobile banking apps of 15 banking institutions in the North American market.