GitHub warns Java developers about malware infecting NetBeans projects

GitHub has issued a warning to Java developers about malware which is specifically infecting NetBeans projects.

The security team for the world’s largest repository host has dubbed the malware Octopus Scanner and found “26 open source projects that were backdoored by this malware and that were actively serving backdoored code.”

GitHub notes the malware is designed to backdoor projects created using the Apache NetBeans IDE – a phenomenon they had not seen before...

Veracode: Open-source libraries cause security flaws in 70% of apps

Research from Veracode suggests that 70 percent of apps have security flaws due to their use of open-source libraries.

The application security firm set out to determine the risk one flawed library can pose to software. For its The State of Software Security (SOSS): Open Source Edition report, Veracode analysed 351,000 libraries across the Veracode platform database of 85,000 applications.

On an initial scan, 70 percent of applications were found to have a security flaw...

Safari soon won’t accept HTTPS certificates longer than 13 months

Apple announced during last week’s CA/Browser Forum that Safari will soon reject any HTTPS certificates that expire in any longer than 13 months.

The CA/Browser Forum is a voluntary consortium that began in 2005 as part of an effort among certification authorities and browser software vendors to provide greater assurance to web users about the sites they visit.

HTTPS certificates, using TLS encryption, help to ensure the sites a user visits are safe and legitimate....

Linux Foundation and LISH publish latest open-source census with suggestions to boost security

The latest open-source census has been published by the Linux Foundation and Laboratory for Innovation Science at Harvard University (LISH) with some interesting observations.

Now in its second edition, the census examines the current state of open-source software. The latest report, catchily titled “Vulnerabilities in the Core, a Preliminary Report and Census II of Open Source Software," focuses on common Free and Open Source Software (FOSS) used in production...

SoundCloud repairs API-related security snafus after Checkmarx research

Online audio distribution platform and music sharing website SoundCloud has fixed several security vulnerabilities affecting its API that could have otherwise resulted in hackers taking over accounts, launching denial of service attacks, and exploiting the service.

All weaknesses were found in an investigation conducted by the Checkmarx Security Research team to study the state of API security in leading...

Starbucks’ API key found in public GitHub repository – reports

Developers at Starbucks left an API key in the public GitHub repository that could have given any attacker the access to the coffeehouse chain’s internal systems who would have easily manipulated the list of authorised users.

As first reported by Bleeping Computer, the API key’s vulnerability level was set to critical because it enabled access to a Starbucks JumpCloud API, but it was spotted...

Why privacy and integrity matters in a mainframe network

Mainframes are the foundation for many critical systems, from bank databases to municipal systems for local governments. It's estimated that 70% of Fortune 500 companies have mainframes in their infrastructure. This hardware holds a lot of sensitive data, which puts it in a vulnerable position. Privacy and data integrity must be maintained for the mainframe systems to ensure that this information isn't accessed without authorisation,...

App developers may be forced to disclose any foreign involvement

The US government is considering forcing app developers to disclose any foreign involvement after a string of concerns about how users' data is being collected.

One notable example is video sharing app TikTok. The app is developed by Beijing-based ByteDance and concerns have been raised about how much user data is being sent back to China.

Similar concerns have also been raised about viral hit FaceApp which many people have used to make their face appear old, young, or a...

Utopia looks to create a self-regulating society with P2P ecosystem and mineable cryptocurrency

The vitality of the Internet is such that any reference to Maslow’s hierarchy of needs, first published in 1943, today usually comes with a half-joking reference to Wi-Fi. Indeed, you would not be reading this piece now without it. Yet one particularly promising area for distributed ledger technologies (DLT) is around user and data privacy for Internet usage.

Meet Utopia. The product, which launches today from anonymous group of networking enthusiasts who call themselves The...

StrongSalt’s new Open Privacy API offers ‘encryption as a service’

Encryption as a service provider StrongSalt has released its Open Privacy API to improve the security of developers’ applications.

StrongSalt was founded by Ed Yu, the former founding engineer of cybersecurity giant FireEye. Back in September, StrongSalt raised $3 million in seed funding from Valley Capital Partners.

Claiming it wants to “do for encryption what Stripe has done for payments and Twilio has done for communications,” StrongSalt offers APIs and...