Hacker News with Generative AI: Software Security

Snyk Security Labs Testing Update: Cursor.com AI Code Editor (snyk.io)
Snyk’s Security Labs team aims to find and help mitigate vulnerabilities in software used by developers around the world, with an overarching goal to improve the state of software security.
Syzygy: Dual Code-Test C to Rust Translation Using LLMs and Dynamic Analysis (arxiv.org)
Despite extensive usage in high-performance, low-level systems programming applications, C is susceptible to vulnerabilities due to manual memory management and unsafe pointer operations.
OpenOffice security issues unfixed in over 365 days, security status Amber (apache.org)
This was extracted (@ 2024-12-18 21:10) from a list of minutes which have been approved by the Board. Please note: the Board typically approves the minutes of the previous meeting at the beginning of every Board meeting; therefore, the list below does not normally contain details from the minutes of the most recent Board meeting.
Yearlong supply-chain attack targeting security pros steals 390K credentials (arstechnica.com)
A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.
Fault Injection – Down the Rabbit Hole (humanativaspa.it)
This series of articles describes fault injection attack techniques in order to understand their real potential by testing their limits and applicability with limited hardware (available on the market at an acceptable cost). It explores possible ways of using an attack that, in my opinion, is greatly underestimated.
Manifest V3 fails to prevent data theft and malware exploitation (techradar.com)
Bad software keeps cyber security companies in business (dogesec.com)
Despite countless frameworks, best practices, blog posts… so many developers still hardcode credentials into their code.
Google: 70% of exploited flaws disclosed in 2023 were zero-days (bleepingcomputer.com)
Google Mandiant security analysts warn of a worrying new trend of threat actors demonstrating a better capability to discover and exploit zero-day vulnerabilities in software.
A Comprehensive Analysis of Package Hallucinations by Code Generating LLMs (arxiv.org)
The reliance of popular programming languages such as Python and JavaScript on centralized package repositories and open-source software, combined with the emergence of code-generating Large Language Models (LLMs), has created a new type of threat to the software supply chain: package hallucinations.
PC Floppy Copy Protection: Vault Prolok (blogspot.com)
This is Part 4 of a series on PC floppy copy protection methods. You can read the previous parts here:
Unsafe Impedance: Safe Languages and Safe by Design Software (arxiv.org)
In December 2023, security agencies from five countries in North America, Europe, and the south Pacific produced a document encouraging senior executives in all software producing organizations to take responsibility for and oversight of the security of the software their organizations produce.
Eliminating Memory Safety Vulnerabilities at the Source (googleblog.com)
Memory safety vulnerabilities remain a pervasive threat to software security. At Google, we believe the path to eliminating this class of vulnerabilities at scale and building high-assurance software lies in Safe Coding, a secure-by-design approach that prioritizes transitioning to memory-safe languages.
Malware Developers Increasingly Use V8 JavaScript for Evasion (cyberinsider.com)
Ampere: Making Future Software Memory-Safe, a Path Towards Secure Cloud (amperecomputing.com)
Unverified NPM Account Takeover Vulnerability for Sale on Dark Web Forum (socket.dev)
Content Injection Attack on GitHub (github.com/younesbram)
Software Supply Chain Security (devicu.com)
Over a billion users could be at risk from keyboard logging app security flaw (techradar.com)
The many (many) ways I've backdoored your dependencies and other supply chain at (kerkour.com)