The EnemyBot malware had added VMware and F5 critical flaws to it’s attack vectors: EnemyBot malware adds enterprise flaws to exploit arsenal • The Register The worse thing about this malware, (other than if it infects your systems), is that the “unarmed” code is available on Github.
Our trust in public code – UPDATED 24 May 2022
The original post was made on 12 May 2022 Update 24 May 2022 Python is a popular coding language and many code libraries exist to make the programmer’s life a little easier. But as indicated in the articles below if that open source code becomes popular, then it also becomes …
Continue reading “Our trust in public code – UPDATED 24 May 2022”
GitHub to require 2FA for all users by end of 2023!
GitHub is a valuable resource to software developers and so it is a key tool being used in many software supply chains. And we now know how vulnerable we all are to software supply chain hacking – look at this example. So my response when I saw this was the …
Continue reading “GitHub to require 2FA for all users by end of 2023!”
Tampering with open source software
Recently the security of open source software has been questioned, particularly with respect to Linux vulnerabilities that have a huge impact due to Linux’s use as internet infrastructure. When volunteer coders are keeping the software secure – who takes responsibility. Steps have started to be taken to increase the security …
Hackers reuse code as well
It is a classic move of any developer to reuse code – actually it is a professional move to reuse code that you know works. So it is no surprise that hackers take professional steps to ensure their malware attacks work. Even taking legitimate code from GitHub. Code Reuse In …