Security Content on InfoQ
-
GitHub Enhanced Copilot with New AI Model and Security-Oriented Capabilities
GitHub Copilot has adopted a new AI model that GitHub says is both faster and more accurate than the previous one. Additionally, GitHub has started using AI to detect vulnerabilities in Copilot suggestions, blocking insecure coding patterns in real time.
-
GitHub Enhances CodeQL, Extends Language Support, Available Queries, and More
After adding support for Ruby at GitHub Universe 2022, CodeQL has introduced Kotlin support in beta. Additionally, support for other languages has been extended to cover more recent versions. GitHub has also extended the available queries to fully cover several industry-standard vulnerability lists, and improved the CodeQL ecosystem.
-
Android 14 Brings Partial Support for OpenJDK 17, Improved Privacy and Security, and More
Google has announced the first Android 14 beta, which provides support for over 300 OpenJDK 17 classes. Additionally, it implements a number of features aimed at keeping malicious apps at bay and extends support for foldable form factors, battery usage optimization, and more.
-
Malicious PyPI Package Removes netstat, Tampers with SSH Config
A recent report by Sonatype security researcher Ax Sharma highlights newly discovered malicious packages on the PyPI registry, including aptx, which can install the Meterpreter trojan disguised as pip, delete the netstat system utility, and tamper with the SSH authorized_keys file.
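Two of the indicators named in the report, an altered authorized_keys file and a missing netstat binary, can be checked on a host directly. The following is an added example written for this page, not code from Sonatype or from the report; the allow-list of key blobs and the authorized_keys content are constructed placeholders, and the key-blob strings are not real public keys.

```python
"""Host-side check for two indicators of the aptx-style compromise:
unexpected entries in an authorized_keys file and missing system tools.
Added example, not from the Sonatype report. Sample data is constructed."""
import shutil
from dataclasses import dataclass

# Key types accepted by OpenSSH; used to find where the options end and the key begins.
KEY_TYPES = {
    "ssh-rsa", "ssh-dss", "ssh-ed25519",
    "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521",
    "sk-ssh-ed25519@openssh.com", "sk-ecdsa-sha2-nistp256@openssh.com",
}


@dataclass(frozen=True)
class AuthorizedKey:
    options: str   # e.g. 'command="/usr/local/bin/backup",no-pty' or ''
    key_type: str
    key_blob: str  # the base64 public key, the only field an attacker cannot forge freely
    comment: str


def _split_respecting_quotes(line: str) -> list[str]:
    """Split on whitespace, but not inside double quotes (command="..." options)."""
    tokens, cur, in_quotes = [], [], False
    for ch in line:
        if ch == '"':
            in_quotes = not in_quotes
            cur.append(ch)
        elif ch.isspace() and not in_quotes:
            if cur:
                tokens.append("".join(cur))
                cur = []
        else:
            cur.append(ch)
    if cur:
        tokens.append("".join(cur))
    return tokens


def parse_authorized_keys(text: str) -> list[AuthorizedKey]:
    """Parse authorized_keys lines of the form: [options] key_type blob [comment]."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        tokens = _split_respecting_quotes(line)
        for i, tok in enumerate(tokens):
            if tok in KEY_TYPES and i + 1 < len(tokens):
                entries.append(AuthorizedKey(
                    options=" ".join(tokens[:i]),
                    key_type=tok,
                    key_blob=tokens[i + 1],
                    comment=" ".join(tokens[i + 2:]),
                ))
                break
    return entries


def unexpected_keys(text: str, allowed_blobs: set[str]) -> list[AuthorizedKey]:
    """Entries whose key blob is not on the allow-list. Match on the blob, not the
    comment: an attacker can copy a legitimate user's comment (see sample below)."""
    return [k for k in parse_authorized_keys(text) if k.key_blob not in allowed_blobs]


def missing_tools(names: list[str], which=shutil.which) -> list[str]:
    """Tools not found on PATH, e.g. netstat after the package deleted it."""
    return [n for n in names if which(n) is None]


# Constructed sample (not from a real host): two known keys plus an appended
# attacker key that reuses a legitimate comment. Blobs are placeholders.
SAMPLE_AUTHORIZED_KEYS = """\
# admin workstations
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey0001 alice@laptop
command="/usr/local/bin/backup",no-pty ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleBackupKey backup@ci
ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAttackerKey00000001 alice@laptop
"""
KNOWN_BLOBS = {
    "AAAAC3NzaC1lZDI1NTE5AAAAIExampleAdminKey0001",
    "AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleBackupKey",
}

if __name__ == "__main__":
    for k in unexpected_keys(SAMPLE_AUTHORIZED_KEYS, KNOWN_BLOBS):
        print(f"UNEXPECTED KEY: {k.key_type} {k.key_blob[:24]}... ({k.comment})")
    for tool in missing_tools(["netstat", "ss"]):
        print(f"MISSING TOOL: {tool}")
```

In practice the allow-list would come from a baseline taken at provisioning time, and the check would run against every account's authorized_keys as well as the sshd AuthorizedKeysFile locations, since the summary does not say which user's file the package targets.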
-
Chromium to Allow the Use of Third-Party Rust Libraries to Improve Safety and Security
The Chromium Project is going to add a Rust toolchain to its build system to enable the integration of third-party libraries written in Rust, with the aim of improving security and safety and speeding up development.
-
Git 2.39.1 Fixes Two Critical Remote Code Execution Vulnerabilities
Two vulnerabilities affecting Git's commit log formatting and .gitattributes parsing, present in Git versions up to and including Git 2.39, have recently been patched. Both may lead to remote code execution, so users should upgrade to Git 2.39.1 immediately.
-
Unskilled Cybercriminals May Be Leveraging ChatGPT to Create Malware
In a recent report, Israeli cybersecurity company Check Point warned that cybercriminals active on Dark Web forums are already using ChatGPT to develop malicious programs. According to Check Point, ChatGPT makes it possible for even unskilled threat actors to create functioning malware.
-
AWS Announces Upcoming Security Changes in April 2023 for Amazon S3
AWS recently announced two changes to Amazon Simple Storage Service (Amazon S3): all newly created buckets will have S3 Block Public Access enabled and access control lists (ACLs) disabled by default. The changes take effect in April 2023 and will be rolled out to all AWS regions within weeks. Existing buckets are not modified, so buckets created before the change keep whatever settings they have.
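Because only new buckets pick up the defaults, a practitioner will want to audit existing buckets for the same two settings and bring them in line. The following is an added example for this page, not AWS code. The bucket records are constructed offline, shaped like the corresponding boto3 responses (`get_public_access_block` and `get_bucket_ownership_controls`), and the `remediate` helper issues the two real boto3 calls when handed an S3 client; the `RecordingClient` is a hypothetical dry-run stand-in so the block runs without credentials.

```python
"""Audit S3 buckets against the April 2023 defaults: all four Block Public
Access flags on, and ACLs disabled (ObjectOwnership = BucketOwnerEnforced).
Added example, not AWS code. Bucket records below are constructed."""
from dataclasses import dataclass
from typing import Optional

PAB_FLAGS = ("BlockPublicAcls", "IgnorePublicAcls", "BlockPublicPolicy", "RestrictPublicBuckets")


@dataclass
class BucketState:
    name: str
    # PublicAccessBlockConfiguration dict, or None when the bucket has no
    # configuration (boto3 raises NoSuchPublicAccessBlockConfiguration there).
    public_access_block: Optional[dict]
    # ObjectOwnership: BucketOwnerEnforced | BucketOwnerPreferred | ObjectWriter,
    # or None when no ownership controls were ever set (legacy ACL behaviour).
    object_ownership: Optional[str]


def findings(b: BucketState) -> list[str]:
    """Differences between this bucket and the new-bucket defaults."""
    out = []
    if b.public_access_block is None:
        out.append("no PublicAccessBlock configuration")
    else:
        for flag in PAB_FLAGS:
            if not b.public_access_block.get(flag, False):
                out.append(f"{flag} is off")
    if b.object_ownership != "BucketOwnerEnforced":
        out.append(f"ACLs enabled (ObjectOwnership={b.object_ownership})")
    return out


def audit(buckets: list[BucketState]) -> dict[str, list[str]]:
    """Map each non-compliant bucket name to its findings."""
    return {b.name: findings(b) for b in buckets if findings(b)}


def remediate(s3, bucket_name: str) -> None:
    """Apply the new defaults with the two boto3 calls AWS uses for these settings.
    Caveat: BucketOwnerEnforced makes S3 reject PutObject requests that set an ACL
    other than bucket-owner-full-control, so clients that still send ACLs break."""
    s3.put_public_access_block(
        Bucket=bucket_name,
        PublicAccessBlockConfiguration={flag: True for flag in PAB_FLAGS},
    )
    s3.put_bucket_ownership_controls(
        Bucket=bucket_name,
        OwnershipControls={"Rules": [{"ObjectOwnership": "BucketOwnerEnforced"}]},
    )


class RecordingClient:
    """Hypothetical dry-run client: records the calls instead of hitting AWS."""
    def __init__(self):
        self.calls = []

    def put_public_access_block(self, **kwargs):
        self.calls.append(("put_public_access_block", kwargs))

    def put_bucket_ownership_controls(self, **kwargs):
        self.calls.append(("put_bucket_ownership_controls", kwargs))


# Constructed inventory: one compliant bucket, one legacy bucket that still
# relies on ACLs, one bucket with nothing configured at all.
SAMPLE_BUCKETS = [
    BucketState("logs-prod", {flag: True for flag in PAB_FLAGS}, "BucketOwnerEnforced"),
    BucketState("legacy-assets",
                {"BlockPublicAcls": False, "IgnorePublicAcls": False,
                 "BlockPublicPolicy": True, "RestrictPublicBuckets": True},
                "ObjectWriter"),
    BucketState("unset-bucket", None, None),
]

if __name__ == "__main__":
    client = RecordingClient()  # swap for boto3.client("s3") to apply for real
    for name, issues in audit(SAMPLE_BUCKETS).items():
        print(name, "->", "; ".join(issues))
        remediate(client, name)
    print(f"{len(client.calls)} API calls would be issued")
```

Run the audit first and review the `legacy-assets` style findings before remediating: a bucket that intentionally serves public objects through ACLs needs a bucket policy written before ACLs are disabled, otherwise access stops.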
-
AWS Key Management Service Now Supports External Key Stores
AWS recently announced the availability of AWS Key Management Service (AWS KMS) External Key Store (XKS), allowing organizations to store and manage their encryption keys outside the AWS KMS service.
-
Testing Advanced Driver Assistance Systems
Advanced driver assistance systems can have a huge number of test cases; cutting the elephant into smaller pieces ensures that every piece gets tested. A good test environment is essential to cover all required tests efficiently, quickly and flexibly. Testers should be involved in the project right from the beginning to avoid task forces and quality or delivery problems.
-
Spotify Introduces Kitsune Vulnerability Management Platform
Spotify recently introduced its security vulnerability management platform, Kitsune. From vulnerability detection through to metrics-based insights, Kitsune manages the whole vulnerability lifecycle. Kitsune's development started one and a half years ago and it continues to evolve.
-
.NET 7 Removes Its Insecure XmlSecureResolver
.NET 7 has replaced the insecure XmlSecureResolver with a new ThrowingResolver type. XmlSecureResolver relied on Code Access Security, which .NET Core and later do not support, so it no longer provided the sandboxing it promised; ThrowingResolver refuses every external resource request instead.
-
Threat-Detection Tool Falco Now Supports Multiple Event Sources, Syscall Selection, and More
The latest release of Falco adds the ability to handle multiple simultaneous event sources within the same instance, support for selecting which syscalls to capture, a new Kernel Crawler to collect the most recent supported kernel versions, and more.
-
Docker Introduces Hardened Desktop for Business Users
The latest release of Docker Desktop introduces a new security model to help system administrators secure their organizations' software supply chains. Dubbed Hardened Desktop and available only to Business customers, the new model includes Settings Management and Enhanced Container Isolation.
-
Two New Git Vulnerabilities Affecting Local Clones and Git Shell Patched
Two Git vulnerabilities affecting local clones and git shell's interactive mode in version 2.38 and older have recently been patched.