Sonatype Lift uses deep code analysis to suggest bug fixes

Sonatype has launched a new deep code analysis platform called Lift which can detect a wide range of bug types.

Lift detects bugs ranging from style issues to complex coding errors commonly found in first-party source code and third-party open source libraries.

Research from Veracode last year found that open-source libraries cause security flaws in around 70 percent of apps. However, open-source libraries are often critical to projects.

Using a deep code...

At DevSecCon24, find out how to build a Security Champions programme to scale your team

Next week, we’re looking forward to bringing together the amazing speakers, attendees and sponsors of DevSecCon24 to discuss, debate and understand how a Security Champions programme can work. As Snyk’s Field CTO, I’ll be leading a panel with stellar DevSecOps leaders from Twilio, Atlassian and Pearson to delve into how to get started, the challenges and the fine-tuning. Here’s a taster of where the discussion might lead.

The concept of a Security Champions...

Trend Micro partners with Snyk to fight open-source bugs

Cybersecurity leader Trend Micro is partnering up with application security platform Snyk to fight open-source bugs.

Research from Veracode last year found that open-source libraries cause security flaws in 70 percent of apps. Snyk itself has observed a 2.5x growth in open-source vulnerabilities over the past three years.

However, open-source is vital to the advancement of the software development industry. Snyk estimates that around 80 percent of application today is...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Proctor & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Report: Developing markets are suffering a mobile malware pandemic

Anti-fraud platform Secure-D has released a report highlighting the mobile malware pandemic that developing markets are suffering.

The report is based on Secure-D’s processing of one billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, helping to protect a total of almost 840 million users.  

Secure-D detected 46,000 malicious apps; with around one in six (16%) mobile devices in emerging markets carrying at least...

Hackers are using shared Xcode projects to infect Apple developers

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

“XcodeSpy is a malicious Xcode project that installs a custom variant...

How to secure your application’s migration to the cloud: A guide

To compete in today's competitive and digital business environment, organisations need to embrace the cloud. The rise of infrastructure as a service (IaaS) firms has meant that enterprises have been able to focus on their core capabilities while leveraging their IaaS partners’ expertise.

As a result, the maintenance and running costs of infrastructure have reduced, and companies are far more efficient in how they deploy resources.

While a move to the cloud brings a lot...

Microsoft: Over 1,000 developers contributed to SolarWinds hack

According to Microsoft’s analysis of the devastating SolarWinds hack, over 1,000 developers were involved.

The attack was described as “the largest and most sophisticated attack the world has ever seen,” by Microsoft president Brad Smith on US show 60 Minutes.

SolarWinds develops software to help businesses manage their networks, systems, and IT infrastructure. The company’s Orion solution is used by ~33,000 public and private sector customers.

In...

Corellium enables iOS device virtualisation on individual accounts

Security research firm Corellium has enabled the virtualisation of iOS devices on individual accounts.

Corellium won a lawsuit filed against it by Apple in December which led to this week’s policy change.

In the lawsuit, first filed in 2019, Apple alleged Corellium's virtualisation violated copyrights relating to iOS, iTunes, and UI. However, the court ruled in Corellium’s favour after deeming the company’s virtualisation comes under fair use.

Virtual iOS...

‘Missions’ teach secure code practices to all those new programmers

Secure Code Warrior has launched ‘Missions’ to help teach safe coding practices during a time when more people are learning to code than ever.

As we reported in September, one in four people used their extra time at home during the first COVID-19 lockdown to start coding. With second lockdowns now in many countries, it’s likely even more people have taken their first steps in programming.

While the world could always do with more coders, the pandemic has also...