Rust vulnerability enables attackers to delete files and directories

Maintainers of the Rust programming language have warned of a critical vulnerability that enables attackers to delete files and directories.

In a security advisory, the Rust Security Response Working Group wrote:

“The Rust Security Response WG was notified that the std::fs::remove_dir_all standard library function is vulnerable to a race condition enabling symlink following (CWE-363).

An attacker could use this security issue to trick a privileged program into...
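The advisory's point is that a recursive delete must never descend through a symbolic link, because a low-privileged user can plant a link inside the tree being removed and redirect the privileged process into a directory it should not touch. The following is an added example, not code from the Rust advisory or from the standard library: a recursive removal that inspects each entry without following links and unlinks symlinks as links. The fixture (a `doomed/` tree containing a symlink to a `victim/` tree) is constructed here for the demonstration and assumes a Unix host. Note the caveat in the comments: `symlink_metadata`/`read_dir` and the later removal are separate syscalls, so this does not by itself close the check-then-act window the advisory describes; closing it requires directory-handle (`openat`/`unlinkat`-style) APIs, which is how the patched standard library approaches it.

```rust
use std::fs;
use std::io;
use std::path::{Path, PathBuf};

/// Recursively remove `dir` without ever following a symbolic link.
/// A symlink found at any level is unlinked as a link; its target is never
/// entered. Added example; this is not std::fs::remove_dir_all's implementation.
///
/// Caveat: the type check and the later removal are separate syscalls, so an
/// attacker who swaps a real directory for a symlink between them can still
/// win the race (CWE-363). Only directory-handle APIs close that window; this
/// function shows the non-following traversal, not the race-free removal.
pub fn remove_dir_all_nofollow(dir: &Path) -> io::Result<()> {
    // symlink_metadata does not follow links; metadata() would.
    let meta = fs::symlink_metadata(dir)?;
    if meta.file_type().is_symlink() || !meta.is_dir() {
        // Unlink the link (or plain file) itself; never touch a link target.
        return fs::remove_file(dir);
    }
    for entry in fs::read_dir(dir)? {
        let entry = entry?;
        // DirEntry::file_type also does not follow links.
        let ft = entry.file_type()?;
        let path = entry.path();
        if ft.is_symlink() || !ft.is_dir() {
            fs::remove_file(&path)?;
        } else {
            remove_dir_all_nofollow(&path)?;
        }
    }
    fs::remove_dir(dir)
}

/// Constructed fixture (assumption, not from the advisory): `doomed/` holds a
/// real subtree plus a symlink to `victim/`. Returns (base, victim, doomed).
pub fn build_fixture() -> io::Result<(PathBuf, PathBuf, PathBuf)> {
    let base = std::env::temp_dir().join(format!("rda_nofollow_{}", std::process::id()));
    let _ = fs::remove_dir_all(&base); // start clean if a previous run was aborted
    let victim = base.join("victim");
    let doomed = base.join("doomed");
    fs::create_dir_all(victim.join("sub"))?;
    fs::write(victim.join("sub/secret.txt"), b"must survive")?;
    fs::create_dir_all(doomed.join("inner"))?;
    fs::write(doomed.join("inner/junk.txt"), b"to be deleted")?;
    // The planted link: a following implementation would recurse into victim/.
    std::os::unix::fs::symlink(&victim, doomed.join("link_to_victim"))?;
    Ok((base, victim, doomed))
}

fn main() -> io::Result<()> {
    let (base, victim, doomed) = build_fixture()?;
    remove_dir_all_nofollow(&doomed)?;
    println!("doomed removed: {}", !doomed.exists());
    println!("victim intact:  {}", victim.join("sub/secret.txt").exists());
    fs::remove_dir_all(&base)
}
```

Running it removes `doomed/` entirely while `victim/sub/secret.txt` remains; swapping `symlink_metadata` for `metadata`, or `entry.file_type()` for `entry.metadata()`, is exactly the kind of change that would start following the planted link.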

Software supply chain attacks increased over 300% in 2021

We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got.

Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week.

The headline stat from Argon’s report is that software supply chain attacks grew by more than 300 percent in 2021 compared to 2020.

Eran Orzel, Senior Director of Argon Customer...

Google wants to increase government collaboration to secure open-source

Google says that it wants to increase government collaboration to help secure open-source after participating in a White House summit.

On Thursday, Google participated in the White House Open Source Software Security Summit with the aim of building on its “work with the Administration to strengthen America’s collective cybersecurity through critical areas like open-source software.”

The past year has been particularly bad for open-source security problems, with...

Is good security the answer to team happiness?

Nowadays, most businesses aren’t naive enough to imagine that they can manage without the most basic cybersecurity protections. However, they’re more likely to invest in such provisions after experiencing a direct threat or hearing a closely related business has suffered a breach.

This reactive approach to cybersecurity is costly — impacting not just the bottom line, but employee happiness and even customer trust. In reality, however, even a small investment in security...

State of APIs 2021: ‘Great Resignation’ leading challenge, security remains a top focus

RapidAPI’s latest State of APIs developer survey finds the cross-industry “Great Resignation” is the leading challenge facing the industry, while security remains a top focus.

Employees are leaving their current jobs in record numbers as part of the so-called Great Resignation due to burnout, income stagnation, poor treatment, and low satisfaction. Almost half of the world’s workers are considering quitting, according to a Microsoft survey.

RapidAPI’s survey...

In-built infrastructure security advantage with policy as code

It is impossible to discuss where DevOps trends are heading without mentioning policy as code: writing policies in a high-level language so that they can be managed, versioned and enforced automatically throughout the development process.

In an ever-evolving regulatory landscape, organisations simply don't have the right technology or resources to scale their security and compliance efforts. Policy as code provides the much-needed agility to address regulations or standards as they emerge. This means that new...

Akamai’s latest solution counters the growing security threat to APIs

Akamai has launched App & API Protector, a new solution for protecting APIs and web applications.

Last month, Akamai released its 'API: The Attack Surface That Connects Us All' report, which highlights the challenges that organisations face in the modern threat landscape. Analysts at Gartner have also predicted that APIs will be the most frequent online attack vector by 2022.

App & API Protector aims to counter such threats with a solution that detects up to...

What open API means for today’s IT and physical security strategies


What is open-source security software?

Open-source software is nothing new. In fact, it’s been around since the 1990s, when it was popularised during the dot-com boom. Open-source software is free to use, and its source code can be modified. While similar, open application programming interface (API) software takes this a step further. An open API still gives developers universal access to software programs, but it’s also a tool for making platforms communicate with each other....

Travis CI flaw exposed thousands of open-source projects’ secrets

A flaw in popular software testing tool Travis CI exposed the secrets of thousands of open-source projects.

Travis CI is a hosted continuous integration service used to build and test software projects hosted on GitHub and Bitbucket.

For at least a week – between 3 and 10 September – open-source repos that used Travis CI had their keys, credentials, and tokens exposed.

Ethereum developer Felix Lange discovered a flaw with how Travis CI handled environmental...

Sonatype analysis reveals a 73 percent surge in open-source demand

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high profile vulnerabilities.

The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with devastating attacks like that on SolarWinds even making national headlines for its widespread implications.

In fact, Sonatype’s report highlights a...