How to make a chatbot: Dos and don’ts for developers in an AI-driven world
Every day the world is becoming increasingly powered by artificial intelligence. In fact, you’d struggle to find tech companies that have not announced AI integrations into their tech stack in one way or another. Cynics might say this is a passing phase, but the reason AI is so popular is that it’s a versatile set of capabilities that can help solve a lot of problems. The most …
developers
Rogue NuGet Packages Infect .NET Developers with Crypto-Stealing Malware
Mar 22, 2023 | Ravie Lakshmanan | DevOpsSec / Malware
The NuGet repository is the target of a new "sophisticated and highly-malicious attack" aiming to infect .NET developer systems with cryptocurrency stealer malware. The 13 rogue packages, which were downloaded more than 160,000 times over the past month, have since been taken down. "The packages contained a PowerShell script …
Python Developers Warned of Trojanized PyPI Packages Mimicking Popular Libraries
Feb 23, 2023 | Ravie Lakshmanan | Software Security / Supply Chain Attack
Cybersecurity researchers are warning of "imposter packages" mimicking popular libraries available on the Python Package Index (PyPI) repository. The 41 malicious PyPI packages have been found to pose as typosquatted variants of legitimate modules such as HTTP, AIOHTTP, requests, urllib, and urllib3. The …
Malware Strains Targeting Python and JavaScript Developers Through Official Repositories
Dec 13, 2022 | Ravie Lakshmanan
An active malware campaign is targeting the Python Package Index (PyPI) and npm repositories for Python and JavaScript with typosquatted and fake modules that deploy a ransomware strain, marking the latest security issue to affect software supply chains. The typosquatted Python packages all impersonate the popular requests library: dequests, …
W4SP Stealer Constantly Targeting Python Developers in Ongoing Supply Chain Attack
An ongoing supply chain attack has been leveraging malicious Python packages to distribute malware called W4SP Stealer, with over hundreds of victims ensnared to date. "The threat actor is still active and is releasing more malicious packages," Checkmarx researcher Jossef Harush said in a technical write-up, calling the adversary WASP. "The attack seems related to cybercrime as …
Researchers Uncover 29 Malicious PyPI Packages Targeted Developers with W4SP Stealer
Cybersecurity researchers have uncovered 29 packages in Python Package Index (PyPI), the official third-party software repository for the Python programming language, that aim to infect developers' machines with a malware called W4SP Stealer. "The main attack seems to have started around October 12, 2022, slowly picking up steam to a concentrated effort around October 22," …
What Does Observability Mean for Developers?
Monitoring is often not the first thing on the mind of the modern developer. Yet, it’s necessary at many points of the software development lifecycle, including: before deprecating an API, before launching a new feature, after launching the feature, and more. In fact, monitoring needs can vary much more than the classic Ops monitoring. My podcast guest Liran Haimovitch is the …
Application Snapshots: A Valuable Observability Signal for Developers
Monitoring is often not the first thing on the mind of the modern developer. Yet, it’s necessary at many points of the software development lifecycle, including: before deprecating an API, before launching a new feature, after launching the feature, and more. In fact, monitoring needs can vary much more than the classic Ops monitoring. There is one type of telemetry data that is …
Researchers Fingerprint Exploit Developers Who Help Several Malware Authors
Writing advanced malware for a threat actor requires different groups of people with diverse technical expertise to put them all together. But can the code leave enough clues to reveal the person behind it? To this effect, cybersecurity researchers on Friday detailed a new methodology to identify exploit authors that use their unique characteristics as a fingerprint to track …
Contrast Community Edition Empowers Developers to Write Secure Code Faster
As software eats the world, the world faces a software security crisis. The movement to modern software such as cloud technologies and microservice architectures is essential to innovate quickly. Yet, nearly three in four developers say that security slows down Agile and DevOps. Neither developers nor security teams are to blame. DevOps speed is held back by a 15-year-old, …