HID Global's Three Pillars of Operational Security

By Karin Althaus on June 15, 2022 Application Security

5 minute read time

The foundations of security at HID Global are a balanced set of tools, policies, and expertise. A look back at a DevSecOps Leadership Forums talk in Paris.

Wicked Good Development: The Evolution of Supply Chain Attacks

By Kadi Grigg on June 14, 2022 Software Supply Chain

22 minute read time

This episode looks at how fraud detection and supply chain attacks are similar, the data science behind these systems, and developer behavior.

Wicked Good Development: Dev Nexus Reflections and Conversations Part 3

By Kadi Grigg on June 13, 2022 podcast

22 minute read time

This week, we finish up our round table discussion on Devnexus 2022 and interview two more developers who contribute to the open source community.

npm package disables Windows Defender before dropping trojan

By Ax Sharma on June 13, 2022 vulnerabilities

4 minute read time

npm package 'flame-vali' makes multiple attempts to disable Windows Defender on the infected system before downloading a cryptominer.

This Week in Malware—npm malware exfiltrates Windows SAM, Amazon EC2 credentials

By Ax Sharma on June 10, 2022 vulnerabilities

4 minute read time

Malicious packages caught this week exfiltrate Amazon EC2, Windows SAM credentials, and launch malicious executables.

How to Manage Your Open Source Licenses in 2022

By Luke Mcbride on June 02, 2022 licenses

6 minute read time

Development teams are using openly licensed software in their process, and lots of it. To comply with the requirements, you need license management tools.

Wicked Good Development: Dev Nexus Reflections and Conversations Part 2

By Kadi Grigg on May 31, 2022 podcast

22 minute read time

From a discussion at Devnexus 2022, a varied conversation about development and open source security from an open source maintainer and contributor.

Wicked Good Development: Dev Nexus Reflections and Conversations Part 1

By Kadi Grigg on May 31, 2022 Community

19 minute read time

At our roundtable discussion on Devnexus 2022, we get a chance to interview two more developers who contribute to the open source community.

PyPI package 'ctx' and PHP library 'phpass' compromised to steal environment variables

By Ax Sharma on May 24, 2022 vulnerabilities

5 minute read time

Popular Python package 'ctx', which is downloaded over 22,000 times weekly on the PyPI registry, has been compromised and now steals environment variables. Additionally, a forked PHP project 'phpass' also