Tag: Software Security

All articles tagged with #software security

Anthropic rolls out AI-assisted code security with human-in-the-loop patches
technology · 11 days ago

Anthropic is rolling out Claude Code Security in a limited research preview for Enterprise and Team customers, offering AI-driven scanning of codebases to find vulnerabilities and propose patches for human review. The tool reasons about code interactions and data flows beyond static checks, uses a multi-stage verification to reduce false positives, and assigns severities; results appear in a dashboard and require human approval before changes are applied, aiming to help defenders counter AI-enabled attacks.

Urgent Patch Required for Critical Jenkins Vulnerability
software-security · 2 years ago

Jenkins has resolved nine security flaws, including a critical bug (CVE-2024-23897) that could lead to remote code execution (RCE) through its built-in command line interface (CLI). Attackers could exploit this vulnerability to read arbitrary files on the Jenkins controller file system, which could serve as a stepping stone to further attacks. The flaw has been fixed in Jenkins 2.442 and LTS 2.426.3; a short-term workaround is recommended until the patch can be applied. This comes after Jenkins addressed severe security vulnerabilities last year.

GitHub Rotates Keys to Address High-Severity Vulnerability
software-security · 2 years ago

GitHub has rotated some keys, including the commit signing key and customer encryption keys, in response to a high-severity vulnerability (CVE-2024-0200) that could potentially expose credentials within a production container. The vulnerability, also present on GitHub Enterprise Server, requires an authenticated user with an organization owner role to be logged in for exploitation. GitHub has also addressed another high-severity bug (CVE-2024-0507) that could allow privilege escalation via command injection.

GitLab Issues Critical Patch for Zero-Click Account Takeover Vulnerability
software-security · 2 years ago

GitLab has released security updates to address two critical vulnerabilities, including one that could lead to account takeover without any user interaction. The flaw, tracked as CVE-2023-7028, affects self-managed instances of GitLab Community Edition and Enterprise Edition. Another critical flaw (CVE-2023-5356) was also patched; it allowed a user to abuse Slack/Mattermost integrations. Users are advised to upgrade to the patched version as soon as possible and to enable 2FA, especially for accounts with elevated privileges.

New York Governor Proposes Stricter Cybersecurity Rules for Hospitals Amid Rising Attacks
technology · 2 years ago

New York regulators are planning to introduce cybersecurity regulations for hospitals in response to a series of cyberattacks that have disrupted medical facilities. The proposed rules include requirements for hospitals to develop and test incident response plans, assess cybersecurity risks, and implement security technologies such as multifactor authentication. Hospitals will also need to establish secure software design practices for in-house applications and conduct security testing for software from vendors.

Python Packages on PyPI Infected with BlazeStealer Malware: Developers Beware!
supply-chain-software-security · 2 years ago

Malicious Python packages containing the BlazeStealer malware have been discovered on the Python Package Index (PyPI) repository. Disguised as obfuscation tools, these packages install a Discord bot that gives attackers complete control over compromised developer systems. The malware can steal sensitive information, execute commands, encrypt files, and even render the computer unusable. The rogue packages were downloaded over 2,400 times before being taken down, with the majority of downloads originating from the U.S. Developers are advised to remain vigilant and thoroughly vet packages before use.

Microsoft's Secure Future Initiative: Revolutionizing Software Security
technology · 2 years ago

Microsoft is launching the Secure Future Initiative (SFI) to overhaul its software security in response to recent cybersecurity incidents, including the SolarWinds attack and the Microsoft Exchange Server flaw. The initiative will involve using automation and AI during software development, cutting the time to fix vulnerabilities, improving security settings, and strengthening infrastructure. Microsoft aims to build an AI-based "cyber shield" to detect threats more effectively. The company also plans to reduce the time it takes to mitigate cloud vulnerabilities by 50% and enhance the security of encryption keys. Additionally, Microsoft will focus on improving security defaults and expanding secure default settings for Multi-Factor Authentication. The company calls for greater accountability for nation-states involved in undermining cloud security and urges states to recognize cloud services as critical infrastructure.

Upcoming Security Patch for Critical Flaws in Curl Library
software-security · 2 years ago

The Curl library is set to release a security patch on October 11, 2023, to address two vulnerabilities, one high-severity (CVE-2023-38545) and one low-severity (CVE-2023-38546). The exact affected version ranges have not been disclosed, so as not to help anyone pinpoint the bugs before the fix ships, but it is known that versions from the past several years are affected. Organizations are advised to inventory and scan systems that use curl and libcurl so they can identify potentially vulnerable versions once details are disclosed with the release of Curl 8.4.0.

Tech Giants Address Zero-Day Exploits: Microsoft and Apple Take Action
technology · 2 years ago

Microsoft has released patches to address zero-day vulnerabilities in two widely used open source libraries, webp and libvpx, which impact several Microsoft products including Skype, Teams, and Edge. According to researchers at Google and Citizen Lab, the vulnerabilities were actively exploited by spyware to target individuals. While Microsoft has fixed the vulnerabilities, the company has not confirmed whether its products were exploited or whether it is able to detect such exploitation. Other tech companies, including Apple and Google, have also issued security updates to address the vulnerabilities in their respective products.

Hacker uncovers Tesla's secret 'Elon Mode' for hands-free Full Self-Driving
automotive-technology · 2 years ago

A Tesla software hacker known as @greentheonly has discovered a hidden feature called "Elon Mode" that enables hands-free driving in Tesla vehicles. The hacker found that the car did not require any attention from them while using Tesla's Full Self-Driving (FSD) software. FSD is Tesla's vision-based advanced driver-assist system; it is still in beta but is currently available to anyone who paid as much as $15,000 for the option. The system still seems to change lanes randomly and ends up driving slowly on the highway. Whether this version of FSD will be made available to regular owners is unknown.