GitHub says hackers cloned code-signing certificates in breached repository
It remains unclear how the threat actor compromised the access token used in the breach. GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates.....»»
Hackers discover how to reprogram NES Tetris from within the game
New method could help high-score chasers trying to avoid game-ending crashes. Earlier this year, we shared the story of how a classic NE.....»»
New Apple Pencil Might Be Called Apple Pencil Pro
Code discovered on Apple’s website in Japan might have confirmed the name of the company’s new Apple Pencil ahead of launch. The code, published by a user on X, references an unreleased accessory called “Apple Pencil Pro.” We,.....»»
New ‘Apple Pencil Pro’ referenced in Apple website code
Tomorrow, Apple will hold its first event of the year where it is expected to unveil a new generation of iPad Pro, iPad Air, and accompanying new Apple Pencil and Magic Keyboard accessories. The Apple website may have just given us a bit more insi.....»»
New Apple Pencil may be called "Apple Pencil Pro"
AppleInsider has learned that code in the Japanese version of Apple's website reveals multiple mentions of an "Apple Pencil Pro," ahead of the expected release of a new model on May 7. Apple's "Let Loose" event on May 7, 2024, is believed.....»»
Bug hunters can get up to $450,000 for an RCE in Google’s Android apps
Google has drastically increased the rewards bug hunters can get for reporting vulnerabilities in Android apps it develops and maintains. “We increased reward amounts by up to 10x in some categories (for example Remote Arbitrary Code Execution.....»»
Nokod Security Platform secures low-code/no-code development environments and apps
Nokod Security launched the Nokod Security Platform, enabling organizations to protect against security threats, vulnerabilities, compliance issues, and misconfigurations introduced by LCNC applications and robotic process automations (RPAs). Most or.....»»
New infosec products of the week: May 3, 2024
Here’s a look at the most interesting products from the past week, featuring releases from Appdome, Cybersixgill, Proofpoint, Secure Code Warrior, Snyk, and Synopsys. Cybersixgill Third-Party Intelligence module identifies potential supply chain ri.....»»
Orum No Code Verify helps businesses validate bank accounts
Orum launched No Code Verify, which helps businesses and institutions determine whether a bank account is open and valid before initiating payments — all without integrating an API. Orum’s Verify solution offers 100% coverage of all US-based cons.....»»
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
The threat is potentially grave because it could be used in supply-chain attacks. A maximum severity vulnerability that allows hackers to hijack GitLab accounts with no user interaction required is now under act.....»»
International team cracks genomic code for earliest forms of terrestrial plant life
Plant life first emerged on land about 550 million years ago, and an international research team co-led by University of Nebraska–Lincoln computational biologist Yanbin Yin has cracked the genomic code of its humble beginnings, which made possible.....»»
Secure Code Warrior SCW Trust Score quantifies the security posture of developer teams
Secure Code Warrior unveiled SCW Trust Score, a benchmark that quantifies the security posture of organizations’ developer teams. SCW Trust Score provides a vital baseline of the impact of their learning programs, assesses its effectiveness, and en.....»»
Veracode platform enhancements help organizations reduce application risk
Veracode announced platform innovations that set a new standard for developer-powered application security. New repo risk visibility and analysis from Longbow Security, powered by Veracode, speeds up remediation of application risk from code reposito.....»»
Dropbox says attackers accessed customer and MFA info, API keys
File hosting service Dropbox has confirmed that attackers have breached the Dropbox Sign production environment and accessed customer personal and authentication information. “From a technical perspective, Dropbox Sign’s infrastructure is lar.....»»
Hacker free-for-all fights for control of home and office routers everywhere
How and why nation-state hackers and cybercriminals coexist in the same router botnet. Cybercriminals and spies working for nation-states are surreptitiously coexisting insi.....»»
Is TikTok bypassing Apple’s App Store in-app purchase commission?
A new report from TechCrunch today cl.....»»
Week in review: Two Cisco ASA zero-days exploited, MITRE breach, GISEC Global 2024
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Hackers backdoored Cisco ASA devices via two zero-days (CVE-2024-20353, CVE-2024-20359) A state-sponsored threat actor has managed to compromise Cis.....»»
Hackers try to exploit WordPress plugin vulnerability that’s as severe as it gets
WP Automatic plugin patched, but release notes don't mention the critical fix. Hackers are assailing websites using a prominent WordPress plugin with millions of attempts to exploit a high-.....»»
AI deciphers new gene regulatory code in plants and makes accurate predictions for newly sequenced genomes
Genome sequencing technology provides thousands of new plant genomes annually. In agriculture, researchers merge this genomic information with observational data (measuring various plant traits) to identify correlations between genetic variants and c.....»»
Edgio Client-Side Protection enables organizations to secure critical customer data
Edgio released its Client-Side Protection solution. Designed to monitor scripts and APIs on the browser-side to prevent malicious code from exfiltrating sensitive customer data, Edgio Client-Side Protection allows teams to gain full visibility on cli.....»»
CISOs are nervous Gen AI use could lead to more security breaches
Malicious Gen AI use is on top of everyone's mind, as hackers create convincing phishing emails......»»