The pro-Russia crowdsourced DDoS (distributed denial of service) project, ‘DDoSia,’ has seen a massive 2,400% growth in less than a year, with over ten thousand people helping conduct attacks on Western organizations. […] Read More
BleepingComputer
Copilot Autofix: A GitHub AI Tool That Analyses Vulnerabilities And Fixes Them Automatically
Copilot Autofix is a newly launched feature of GitHub Advanced Security (GHAS), designed to make it easier for users to discover and fix code vulnerabilities.
AI tools are reshaping the cybersecurity landscape by improving threat detection, automating processes, and providing insights that help counter sophisticated cyber threats.
These tools analyze large amounts of data in real time using ML algorithms, improving overall productivity.
The tool supports multiple types of alerts, all of which are included in the GitHub Advanced Security package.
Consequently, it allows teams to concentrate on developing features rather than on repairing vulnerabilities, which improves both repository security and developer productivity.
This AI-driven tool addresses a significant industry challenge: developers ship code faster than ever, yet security flaws continue to slip into production because security requirements are difficult to implement.
Rather than only identifying problems, Copilot Autofix takes a more holistic approach: it scans for bugs, explains their significance, and recommends how to fix them.
The results of beta testing conducted from March 2024 until July 2024 were impressive, with developers fixing vulnerabilities over three times faster than with manual methods.
The tool is able to handle a broad spectrum of vulnerability classes, including high-risk ones such as cross-site scripting and SQL injection.
Copilot Autofix is notable for its application in two ways:
Preventive measures during pull requests, catching new vulnerabilities before they are merged.
Addressing security debt in existing production code.
This flexibility, coupled with its AI-based insights, makes Copilot Autofix a game-changer for secure software development: it compensates for the time shortages and security-expertise gaps that exist in the industry and significantly speeds up vulnerability remediation.
Copilot Autofix combines CodeQL’s static analysis engine, GPT-4’s language processing abilities, and GitHub Copilot’s code generation APIs to offer developers of all skill levels a complete solution.
When a developer sees a security alert, they can start the Autofix process with a single click. The system analyzes the vulnerability in its context, clearly explains what it is, and then proposes tailored code to fix it.
Copilot Autofix is particularly useful for developers with no security background. It brings the collective input of security experts into code reviews, making the entire software development environment more secure while reducing time and cost.
The post Copilot Autofix – A GitHub AI Tools Now Analyse Vulnerabilities And Fix It Automatically appeared first on Cyber Security News.
User ID Verification Service for TikTok, Uber, X Exposes Admin Credentials
AU10TIX, an Israel-based identity verification company that works with major tech platforms like TikTok, Uber, and X (formerly Twitter), inadvertently exposed a set of administrative credentials online for more than a year.
This security lapse may have permitted unauthorized access to private user information, such as the facial images and driver’s licenses used for identity confirmation.
The exposed credentials provided direct access to a logging platform containing links to identity documents and verification process results, such as “liveness” checks.
The compromised data included names, dates of birth, nationalities, ID numbers, and document images—information that, if obtained by malicious actors, could enable identity theft.
Evidence suggests that the exposed credentials were collected by malware in December 2022 and shared on a Telegram channel in March 2023, as indicated by timestamps and messages obtained by 404 Media.
While AU10TIX claims the system containing the exposed data has been decommissioned and there is no evidence of data exploitation, the potential impact on user privacy remains a concern.
The incident highlights the risks associated with the growing trend of social networks and online platforms requiring users to upload identity documents for verification purposes. X, for example, began requiring premium users to share government-issued IDs in 2024, two years after the initial credential exposure.
Mossab Hussein, chief security officer at the cybersecurity firm spiderSilk and the first to identify the exposed credentials, expressed concern over AU10TIX’s failure to implement basic security measures to safeguard users’ identities and confidential documents.
The company has since informed affected customers and is transitioning to a new operating system with a heightened focus on security.
Some of AU10TIX’s partners, such as Upwork, had already switched to alternative verification providers before the incident. Others, like Fiverr and Coinbase, stated they were unaware of any data exposure but continue collaborating with AU10TIX.
As more online platforms move towards identity and age verification models, this breach underscores the importance of robust security measures to protect sensitive user data.
The increasing trend of hackers disclosing customer data on platforms like Telegram and the dark web further emphasizes the need for stringent data protection practices.
The post User ID Verification Service for TikTok, Uber, X Exposes Admin Credentials appeared first on Cyber Security News.
LockBit ransomware now poaching BlackCat, NoEscape affiliates
The LockBit ransomware operation is now recruiting affiliates and developers from the BlackCat/ALPHV and NoEscape operations after their recent disruptions and exit scams. […] Read More
BleepingComputer