GitLab: 2020 was a ‘catalyst for DevOps maturation’

GitLab’s fifth annual DevSecOps survey reveals that last year was pivotal for the maturation of DevOps.

The only silver lining from the disaster of a year that was 2020 is that it helped to highlight inefficiencies with legacy processes and technologies. As the world looks to "build back better" from the pandemic, the work of DevOps teams should provide some inspiration.

Eric Johnson, CTO at GitLab, said:

“This year’s Global DevSecOps Survey shows that...

Incognia launches free Developer Edition to counter mobile app fraud

Incognia has launched a free ‘Developer Edition’ of its mobile fraud prevention solution to help protect users of fintech and m-commerce apps.

Spurred by the pandemic, mobile transactions increased by 250 percent in 2020. According to Adjust’s Mobile Finance Report 2020, investment apps saw a particularly impressive session growth of 88 percent between January and June 2020.

The rapid increase in mobile transactions has attracted fraudsters looking to line their...

Play Store’s AI security blocks almost one million policy-violating apps

Google’s AI-powered Play Store security has blocked almost one million policy-violating apps from reaching users.

In a blog post, Google detailed what it’s been doing to protect the billions of Android users and millions of developers creating apps for the world’s largest mobile platform.

2020 was a year when many of us made sacrifices to our freedoms to protect not just ourselves, but those around us. Unfortunately, criminals sought to take advantage of more...

Codecov breach prompts fears of another SolarWinds-style hack

A hack impacting software testing firm Codecov is expected to have resulted in hundreds of networks being compromised, prompting fears of a fallout similar to the recent SolarWinds attack.

Codecov has over 29,000 customers including companies such as IBM, Procter & Gamble, Hewlett Packard Enterprise, Atlassian, Washington Post, and GoDaddy. The potential scale of the attack has led to a federal investigation.

"We are aware of the claims and we are investigating...

Report: Developing markets are suffering a mobile malware pandemic

Anti-fraud platform Secure-D has released a report highlighting the mobile malware pandemic that developing markets are suffering.

The report is based on Secure-D’s processing of one billion mobile transactions and service sign-ups for 35 mobile operators in 23 emerging markets, helping to protect a total of almost 840 million users.  

Secure-D detected 46,000 malicious apps, with around one in six (16%) mobile devices in emerging markets carrying at least...

GitHub’s secret scanning for private repos launches alongside security overview

GitHub has launched its secret scanning tool for private repositories alongside a new security overview dashboard.

The world’s largest repo host first unveiled the fraud-preventing secret scanning feature in May last year as part of GitHub Advanced Security—a package of features that includes code scanning, secret scanning, and dependency reviews.

Secret scanning has been in beta until today. Since it was first announced, GitHub says it has:

Expanded secret...

Hackers are using shared Xcode projects to infect Apple developers

Developers for Apple’s platforms are being hacked through importing shared Xcode projects infected with malware.

Researchers from SentinelOne detailed the growing trend after discovering a macOS malware dubbed XcodeSpy.

“Threat actors are abusing the Run Script feature in Apple’s Xcode IDE to infect unsuspecting Apple Developers via shared Xcode Projects,” the researchers explained.

“XcodeSpy is a malicious Xcode project that installs a custom variant...

Microsoft: Over 1,000 developers contributed to SolarWinds hack

According to Microsoft’s analysis of the devastating SolarWinds hack, over 1,000 developers were involved.

The attack was described as “the largest and most sophisticated attack the world has ever seen,” by Microsoft president Brad Smith on US show 60 Minutes.

SolarWinds develops software to help businesses manage their networks, systems, and IT infrastructure. The company’s Orion solution is used by ~33,000 public and private sector customers.

In...

Corellium enables iOS device virtualisation on individual accounts

Security research firm Corellium has enabled the virtualisation of iOS devices on individual accounts.

Corellium won a lawsuit filed against it by Apple in December which led to this week’s policy change.

In the lawsuit, first filed in 2019, Apple alleged Corellium's virtualisation violated copyrights relating to iOS, iTunes, and UI. However, the court ruled in Corellium’s favour after deeming that the company’s virtualisation comes under fair use.

Virtual iOS...

What app developers need to know about the DOJ’s formal request for encryption backdoors

When we text via Apple’s iMessage, WhatsApp, Signal, or a host of other messaging services, those messages are protected in ways communications across most other platforms are not. The reason is that these select app developers use “end-to-end encryption” (or “E2EE”), which encrypts all messages before they leave the sender’s device so that they can only be decrypted by the recipient’s device. The only way to access and view these messages is by having the sender’s or recipient’s phone...