Password manager utility KeePass has had to defend its reputation following the discovery of a potential vulnerability that could expose users’ secret data. However, the company states the issue only arises if an attacker already controls a compromised account. Additionally, the OpenSSL project has released patches to address a variety of vulnerabilities, including a high-impact flaw. In related news, a system administrator on Reddit was the victim of a phishing attack, which gave the attackers access to some internal documents and code.

The NCSC wants developers to get serious on software security
The NCSC’s new Software Security Code of Practice has been praised by cyber professionals as a significant advancement in enhancing software supply chain security.