Open source ‘Package Analysis’ tool finds malicious npm, PyPI packages
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative, has released its first prototype version of the 'Package Analysis'…
The Japan CERT has released a new version of their EmoCheck utility to detect new 64-bit versions of the Emotet…
A logical flaw in the npm registry, dubbed 'package planting', let authors of malicious packages quietly add anyone and any number…
The startup is the latest company to try to solve the problem of organizing and sharing secrets.
GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging…
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency…
The move to IaC has its challenges, but done right, it can fundamentally improve an organization's overall security posture.
Cybellum interviewed David Colombo, the cyber boy wonder of Germany, and founder of Colombo Technologies for our podcast, Left to…
New ad blocker and anti-tracker modules as well as whitelist capabilities provide consumers with secure and private Web browsing.
Yesterday, following a DMCA complaint, GitHub took down a repository that hosts the official SymPy project documentation website. It turns out…