Product Security Bad Practices

As outlined in the Cybersecurity and Infrastructure Security Agency’s (CISA’s) Secure by Design initiative, software manufacturers should ensure that security is a core consideration from the onset of software development and throughout the entirety of the development lifecycle. This voluntary …

Israeli spyware startup Paragon acquired by U.S.-based private equity fund for up to $900M

Israeli offensive cyber company Paragon will be acquired by the U.S.-based private equity fund AE Industrial Partners for an initial payment of $500 million, with an additional $400 million contingent on meeting business milestones. Despite the acquisition, Paragon will remain …

Safe Software Deployment: How Software Manufacturers Can Ensure Reliability for Customers

Many software manufacturers and service providers deploy software and configuration updates as part of their service offerings. These updates may enhance features and/or address security vulnerabilities to provide benefits and security to customers. However, software and the systems that deploy …

Internet surveillance firm Sandvine says it’s leaving 56 ‘non-democratic’ countries

Sandvine, the makers of surveillance-ware that allowed authoritarian countries to censor the internet and spy on their citizens, announced that it is leaving dozens of “non-democratic” countries as part of a major overhaul of the company. The company, which was …

Gleaming Pisces Poisoned Python Packages Campaign Delivers PondRAT Linux and MacOS Backdoors

Unit 42 researchers have been tracking the activity of an ongoing poisoned Python packages campaign delivering Linux and macOS backdoors via infected Python software packages. Unit 42 researchers named these infected software packages PondRAT. They’ve also found Linux variants of …

Missing tycoon’s co-defendant fatally struck by car

The co-defendant of British tech tycoon Mike Lynch – who is currently missing in Italy – has died after being hit by a car. Stephen Chamberlain, 52, was Mr Lynch’s co-defendant in his US fraud trial in which both men …

ArtiPACKED: Hacking Giants Through a Race Condition in GitHub Actions Artifacts

This research reviews an attack vector allowing the compromise of GitHub repositories, which not only has severe consequences in itself but could also potentially lead to high-level access to cloud environments. This is made possible through the abuse of GitHub …

Cash App to award $15M to users in security breach settlement

Cash App users could get some cash sent to their bank accounts soon. In a settlement, the mobile payment service was ordered to pay out $15 million in damages. According to a class-action lawsuit obtained by USA TODAY, plaintiffs sued …

Pakistan to launch home-grown messaging app amid internet disruptions

The Pakistani government is set to roll out “Beep Pakistan”, a communication application designed for federal officials and employees. Shaza Fatima Khwaja, the state minister for information technology and telecommunication, said that the application was currently undergoing trial runs within …

Data breach exposes US spyware maker behind Windows, Mac, Android and Chromebook malware

A little-known spyware maker based in Minnesota has been hacked, TechCrunch has learned, revealing thousands of devices around the world under its stealthy remote surveillance. A person with knowledge of the breach provided TechCrunch with a cache of files taken …