Developer Security | Breaking Cybersecurity News | The Hacker News

The world of cybersecurity is in a constant state of flux. New vulnerabilities emerge daily, and attackers are becoming more sophisticated. In this high-stakes game, security leaders need every advantage they can get. That's where Artificial Intelligence (AI) comes in. AI isn't just a buzzword; it's a game-changer for vulnerability management. AI is poised to revolutionize vulnerability management in the coming years. It enables security teams to: Identify risks at scale: AI can analyze massive amounts of data to identify vulnerabilities that humans might miss. Prioritize threats: AI helps focus on the most critical vulnerabilities, ensuring resources are used effectively. Remediate faster: AI automates many tasks, allowing for quicker and more efficient remediation. AI isn't just about technology; it's about people. This webinar will delve into how security leaders can leverage AI to empower their teams and foster a culture of security. Learn how to tur

Roblox developers are the target of a persistent campaign that seeks to compromise systems through bogus npm packages, once again underscoring how threat actors continue to exploit the trust in the open-source ecosystem to deliver malware. "By mimicking the popular 'noblox.js' library, attackers have published dozens of packages designed to steal sensitive data and compromise systems," Checkmarx researcher Yehuda Gelb said in a technical report. Details about the activity were first documented by ReversingLabs in August 2023 as part of a campaign that delivered a stealer called Luna Token Grabber, which it said was a "replay of an attack uncovered two years ago" in October 2021. Since the start of the year, two other packages called noblox.js-proxy-server and noblox-ts were identified as malicious and impersonating the popular Node.js library to deliver stealer malware and a remote access trojan named Quasar RAT. "The attackers of this campa

Want to know what's the latest and greatest in SecOps for 2024? Gartner's recently released Hype Cycle for Security Operations report takes important steps to organize and mature the domain of Continuous Threat Exposure Management, aka CTEM. Three categories within this domain are included in this year's report: Threat Exposure Management, Exposure Assessment Platforms (EAP), and Adversarial Exposure Validation (AEV). These category definitions are aimed at providing some structure to the evolving landscape of exposure management technologies. Pentera, listed as a sample vendor in the newly defined AEV category, is playing a pivotal role in increasing the adoption of CTEM, with a focus on security validation. Following is our take on the CTEM related product categories and what they mean for enterprise security leaders. The Industry is Maturing CTEM, coined by Gartner in 2022, presents a structural approach for continuously assessing, prioritizing, validating, and remediating expo

In yet another sign that threat actors are always looking out for new ways to trick users into downloading malware, it has come to light that the question-and-answer (Q&A) platform known as Stack Exchange has been abused to direct unsuspecting developers to bogus Python packages capable of draining their cryptocurrency wallets. "Upon installation, this code would execute automatically, setting in motion a chain of events designed to compromise and control the victim's systems, while also exfiltrating their data and draining their crypto wallets," Checkmarx researchers Yehuda Gelb and Tzachi Zornstain said in a report shared with The Hacker News. The campaign, which began on June 25, 2024, specifically singled out cryptocurrency users involved with Raydium and Solana. The list of rogue packages uncovered as part of the activity is listed below - raydium (762 downloads) raydium-sdk (137 downloads) sol-instruct (115 downloads) sol-structs (292 downloads) sp