Why you need honeypots in the cloud: A guide

IT threats such as cyberattacks, worms, viruses, and other digital threats are valid concerns for anyone who connects their systems to the internet.

Businesses that operate digitally - in other words, using the cloud - are especially vulnerable to a variety of cyber threats; some of them not yet known even to security companies.

Security mechanisms such as honeypots can detect various types of attacks, whether it is a server, router, cloud, network, or...

How to ensure your security tools work with testing for security validation

Realising that your security systems have vulnerabilities after a cyber-attack could significantly damage both your company’s reputation and profit. If your organisation or company is online and digital, security systems might be in place, but you might not be sure they truly work.

A good security validation approach is based on testing current cybersecurity with tools that can save your company from major financial losses and data leakage.

Is your business likely to be a...

Decentralised platform Ethereum is hiring a dedicated security team for 2.0

The Ethereum Foundation is hiring a dedicated security team to ensure the next version of the decentralised platform is as robust as it needs to be.

A lot of money relies on the security of Ethereum. The explosion in DeFi (decentralised finance) means there is now $4.3 billion "locked up" in Ethereum apps – an increase of 442% over the past three months. Yet, this is tiny compared to the figures we could be discussing in a few years as DeFi growth continues and more use cases...

Congress wants Apple and Google to clamp down on foreign apps

Congress is calling on Apple and Google to clamp down on apps that weren’t born in the USA (cue Springsteen).

Trump’s administration is currently mulling a complete ban of any Chinese software but, while that debate is ongoing, Congress wants the two largest mobile platform holders to begin clamping down on foreign apps in less radical ways.

The Congressional Committee on Oversight and Reform has sent two letters to the CEOs of Apple and Google to request they probe...

GitHub warns Java developers about malware infecting NetBeans projects

GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before...

Veracode: Open-source libraries cause security flaws in 70% of apps

Research from Veracode suggests that 70 percent of apps have security flaws due to their use of open-source libraries.

The application security firm set out to determine the risk one flawed library can pose to software. For its The State of Software Security (SOSS): Open Source Edition report, Veracode analysed 351,000 libraries across the Veracode platform database of 85,000 applications.

On an initial scan, 70 percent of applications were found to have a security flaw...

Safari soon won’t accept HTTPS certificates longer than 13 months

Apple announced during last week’s CA/Browser Forum that Safari will soon reject any HTTPS certificates that expire in any longer than 13 months.

The CA/Browser Forum is a voluntary consortium that began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to web users about the sites they visit.

HTTPS certificates, using TLS encryption, help to ensure the sites a user visits are safe and legitimate....

Linux Foundation and LISH publish latest open-source census with suggestions to boost security

The latest open-source census has been published by the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) with some interesting observations.

Now in its second edition, the census examines the current state of open-source software. The latest report, catchily titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software," focuses on common Free and Open Source Software (FOSS) used in production...

SoundCloud repairs API-related security snafus after Checkmarx research

Online audio distribution platform and music sharing website SoundCloud has fixed several security vulnerabilities affecting its API that could have otherwise resulted in hackers taking over accounts, launching denial of service attacks, and exploiting the service.

All weaknesses were found in an investigation conducted by the Checkmarx Security Research team to study the state of API security in leading...

Starbucks’ API key found in public GitHub repository – reports

Developers at Starbucks left an API key in the public GitHub repository that could have given any attacker the access to the coffeehouse chain’s internal systems who would have easily manipulated the list of authorised users.

As first reported by Bleeping Computer, the API key’s vulnerability level was set to critical because it enabled access to a Starbucks JumpCloud API, but it was spotted...