supply chain Archives - Developer Tech News

Mathew Payne, GitHub: Protecting code while nurturing user experience

Ryan Daws — Fri, 18 Aug 2023 13:54:35 +0000

Developer caught up with Mathew Payne, Principal Field Security Specialist at GitHub, to discuss the platform’s security strategies and how they aim to strike a balance between robustness and a seamless user experience. At the heart of GitHub’s security philosophy lies a commitment to safeguarding user code. Payne emphasised that a major focus is on... Read more »

The post Mathew Payne, GitHub: Protecting code while nurturing user experience appeared first on Developer Tech News.

Checkmarx uncovers supply chain attacks targeting banking

Ryan Daws — Fri, 21 Jul 2023 12:24:45 +0000

Checkmarx has uncovered a new and sophisticated cyber threat targeting the banking sector. The security testing firm’s research team detected two distinct open-source software supply chain attacks targeting financial institutions. These attacks, which involved advanced techniques and deceptive tactics, have raised alarm bells among cybersecurity experts. Attack one: NPM The first attack occurred on April... Read more »

The post Checkmarx uncovers supply chain attacks targeting banking appeared first on Developer Tech News.

Visual Studio Marketplace is the latest supply chain attack vector

Ryan Daws — Mon, 09 Jan 2023 14:14:15 +0000

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks. In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions. VS Code is the most popular IDE, with around 74.48 percent of developers using it. The... Read more »

The post Visual Studio Marketplace is the latest supply chain attack vector appeared first on Developer Tech News.

GitHub will mandate 2FA to help secure the software supply chain

Ryan Daws — Wed, 04 May 2022 15:03:45 +0000

GitHub will require all users who contribute code on the platform to use 2FA as part of its latest security improvements. Attacks on the software supply chain are on the increase. GitHub, which has over 83 million code-contributing users, is stepping up to the plate to protect developers and the software supply chain with this... Read more »

The post GitHub will mandate 2FA to help secure the software supply chain appeared first on Developer Tech News.

Large-scale supply chain attack used 218 malicious NPM packages

Ryan Daws — Thu, 24 Mar 2022 14:32:40 +0000

A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages. Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week. Over a few days, the number of packages swelled from around 50 packages to more... Read more »

The post Large-scale supply chain attack used 218 malicious NPM packages appeared first on Developer Tech News.

Software supply chain attacks increased over 300% in 2021

Ryan Daws — Thu, 20 Jan 2022 13:54:28 +0000

We all knew there was an increase in software supply chain attacks in 2021, but a new study has quantified just how bad things got. Argon Security – recently acquired by Aqua Security – published the latest edition of its annual Software Supply Chain Security Review this week. The headline stat from Argon’s report that... Read more »

The post Software supply chain attacks increased over 300% in 2021 appeared first on Developer Tech News.

Sonatype analysis reveals a 73 percent surge in open-source demand

Ryan Daws — Wed, 15 Sep 2021 13:22:58 +0000

A report from Sonatype has revealed a 73 percent surge in the demand for open-source despite a year of high profile vulnerabilities. The growing use of open-source to keep up with the pace of modern development makes it a prime target for cybercriminals. We’ve seen this multiple times in practice over the past year with... Read more »

The post Sonatype analysis reveals a 73 percent surge in open-source demand appeared first on Developer Tech News.

Checkmarx acquires Dustico in wake of increasing supply chain attacks

Ryan Daws — Fri, 06 Aug 2021 12:38:38 +0000

Developer-centric app security testing (AST) firm Checkmarx has acquired Dustico to help counter the increasing threat of supply chain attacks. “We’re thrilled to welcome Dustico and its team to Checkmarx as the Israeli tech ecosystem continues to push the boundaries of cybersecurity innovation and talent,” said Emmanuel Benzaquen, CEO, Checkmarx. “Blending Dustico’s differentiated approach to... Read more »

The post Checkmarx acquires Dustico in wake of increasing supply chain attacks appeared first on Developer Tech News.