Introducing OpenTDF: Open source, accessible security for developers

At Virtru, we believe that the ability to securely share data is essential — and that privacy is a human right that must be protected. It’s a mission we have stuck by since we started in 2011, and sees us supporting over 7,000 organisations worldwide to protect their most valuable asset, their data, with Zero-Trust security and powerful, granular policy controls that tie identity to data, everywhere it moves.

Now, Virtru is giving developers a new way to build security...

28 July 2022 | API

Source code for Rust-based malware leaks on hacking forums

The source code for an info-stealing malware based on Rust has leaked on hacking forums.

Security analysts claim the malware is actively used in attacks and it appears to have a high antivirus evasion rate. VirusTotal returns a detection rate of around 22 percent.

The developer claims to have developed the malware in just six hours. Despite being based on Rust, the malware currently only targets Windows machines.

Cybersecurity firm Cyble analysed the malware...

26 July 2022 | Hacking & Security

Web3 projects lost over $2B to hacks in H1 2022

A report from CertiK finds that web3 projects lost over $2 billion to hacks in H1 2022—more than all of 2021 combined.

“2022 is already the most expensive year for web3 by far. From these numbers, 2022 is forecast to see a 223% increase in the funds lost to attacks when compared with 2021,” wrote CeriK in their report.

CertiK’s sobering report highlights the difficulties of an industry that pitches itself as returning to the decentralised ideals of web1 while...

8 July 2022 | Blockchain

HackerOne employee disclosed vulnerabilities ‘for personal gain’ 

An employee of HackerOne was caught accessing security reports and disclosing vulnerabilities “for personal gain”.

HackerOne is a vulnerability coordination and bug bounty platform that connects businesses with penetration testers and cybersecurity researchers.

Following a customer report of a suspicious vulnerability disclosure made outside of the HackerOne platform, the company decided to launch an investigation.

Jober Abma, Co-Founder of HackerOne,...

4 July 2022 | Hacking & Security

GitHub will mandate 2FA to help secure the software supply chain

GitHub will require all users who contribute code on the platform to use 2FA as part of its latest security improvements.

Attacks on the software supply chain are on the increase. GitHub, which has over 83 million code-contributing users, is stepping up to the plate to protect developers and the software supply chain with this major policy change announcement.

“At GitHub, we believe that our unique position as the home for all developers grants us both an opportunity...

4 May 2022 | Git

Five Eyes alliance lists 2021’s top vulnerabilities

A cybersecurity advisory issued by members of the ‘Five Eyes’ intelligence alliance lists the most-exploited vulnerabilities of 2021.

The Five Eyes consists of the US, UK, Canada, Australia, and New Zealand. Over recent weeks, cybersecurity authorities from the normally secretive alliance have issued a number of joint statements amid increasing global threats.

According to the alliance, here were the top 15 “routinely exploited” vulnerabilities in...

28 April 2022 | Hacking & Security

Google’s Project Zero found over twice as many exploits in 2021

Project Zero, Google’s in-house team of experts tasked with finding zero-day exploits, reports that it found over twice as many in 2021.

According to the team’s annual report, it found a record 58 zero-day exploits in 2021. That’s over double the 25 it detected in 2020 and the previous record of 28 detected in 2015.

(Credit: Google)

While such a large uptick may cause alarm, Google puts a positive spin on the news.

“We believe the large...

20 April 2022 | Hacking & Security

GitHub notifies victims of OAuth token theft

GitHub is notifying known victims of an ongoing attack using stolen third-party OAuth user tokens.

OAuth user tokens maintained by Heroku and Travis CI were stolen and abused by an unauthorised party to download data from dozens of organisations, including npm.

Mike Hanley, Chief Security Officer at GitHub, wrote in a blog post:

“We have high confidence that compromised OAuth user tokens from Heroku and Travis-CI-maintained OAuth applications were stolen and...

19 April 2022 | Git

Google will hide outdated Android apps to improve security

Google will start hiding outdated apps on the Play Store in a bid to improve security.

With almost three million apps hosted on the Play Store, keeping Android’s three billion users protected is a gargantuan task.

Given the scale of the challenge, Google’s AI-powered security does an admirable job. However, Google’s system is far from perfect and software that poses a threat to users does slip through.

Sometimes the apps that slip past Google’s security...

7 April 2022 | Android

Large-scale supply chain attack used 218 malicious NPM packages

A large-scale supply chain attack has been uncovered that used 218 malicious NPM packages.

Researchers from JFrog claim that several of their automated analysers started throwing up alerts regarding a set of packages in the npm registry earlier this week.

Over a few days, the number of packages swelled from around 50 packages to more than 200 (as of March 21st).

The researchers manually analysed the packages and found that it was a targeted attack against the...

24 March 2022 | Hacking & Security