Tag: open-source
-
Companies are drowning in software vulnerabilities
Tags: ai, cve, cybersecurity, framework, open-source, risk, software, strategy, supply-chain, vulnerability, xss
The average remediation time for security vulnerabilities has risen significantly over the past five years. According to Veracode's current State of Software Security Report, the average time to fix security vulnerabilities has grown from 171 to 252 days over the past five years. In addition, half (50 percent) of companies now carry a high-risk “security debt” that has persisted longer…
-
NetBird: Open-source network security
NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/12/netbird-open-source-network-security/
-
BSides Exeter 2024 Purple Track Cedar, An Open Source Project To Help You Decouple Your Authorisation Logic
Author/Presenter: Ricardo Sueiras Our thanks to Bsides Exeter, and the Presenters/Authors for publishing their timely Bsides Exeter Conference content. All brought to you via the organization's YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/bsides-exeter-2024-purple-track-cedar-an-open-source-project-to-help-you-decouple-your-authorisation-logic/
-
Sonatype Brings Supply Chain Security Tools to Open Source AI
First seen on scworld.com Jump to article: www.scworld.com/news/sonatype-brings-supply-chain-security-tools-to-open-source-ai
-
UK Government Report Calls for Stronger Open Source Supply Chain Security Practices
Report from the Department for Science, Innovation and Technology (DSIT) finds weaknesses in current practices. The post UK Government Report Calls for Stronger Open Source Supply Chain Security Practices appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/uk-government-report-calls-for-stronger-open-source-supply-chain-security-practices/
-
Apache Pinot Vulnerability Allows Attackers to Bypass Authentication
A significant security vulnerability affecting Apache Pinot, an open-source distributed data store designed for real-time analytics, has been publicly disclosed. The flaw, identified as CVE-2024-56325, allows remote attackers to bypass authentication on vulnerable installations, posing a critical threat to affected systems.
Vulnerability Details
The vulnerability stems from improper neutralization of special elements in URIs handled by…
-
Companies are drowning in high-risk software security debt, and the breach outlook is getting worse
Flaw prevalence: Leading organizations have flaws in fewer than 43% of applications, while lagging organizations exceed 86%.
Fix capacity: Leaders resolve over 10% of flaws monthly, whereas laggards address less than 1%.
Fix speed: Top performers remediate half of flaws in five weeks; lower-performing organizations take longer than a year.
Security debt prevalence: Less than 17% of applications…
-
Apache Tomcat Flaw Could Allow RCE Attacks on Servers
Tags: apache, attack, cyber, flaw, open-source, rce, remote-code-execution, risk, software, vulnerability
Apache Tomcat, a widely used open-source web server software, has faced numerous security vulnerabilities in recent years. Some critical issues put servers at risk of remote code execution (RCE) and other attacks. These vulnerabilities highlight the importance of keeping software up-to-date and properly configured to prevent potential exploits.
Detailed Vulnerabilities: Below is a formatted table…
-
Over 1000 Malicious Packages Found Exploiting Open-Source Platforms
Over 1,000 malicious packages found using low file counts, suspicious installs, and hidden APIs. Learn key detection methods… First seen on hackread.com Jump to article: hackread.com/malicious-packages-exploiting-open-source-platforms/
-
The Invisible Battlefield Behind LLM Security Crisis
Overview
In recent years, with the wide application of open-source LLMs such as DeepSeek and Ollama, global enterprises are accelerating the private deployment of LLMs. This wave not only improves the efficiency of enterprises, but also increases the risk of data security leakage. According to NSFOCUS Xingyun Lab, from January to February 2025 alone, five…
-
Hetty: Open-source HTTP toolkit for security research
Hetty is an open-source HTTP toolkit designed for security research, offering a free alternative to commercial tools like Burp Suite Pro. Built with the needs of penetration … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/10/hetty-open-source-http-toolkit-security-research/
-
New Chirp tool uses audio tones to transfer data between devices
A new open-source tool named ‘Chirp’ transmits data, such as text messages, between computers (and smartphones) through different audio tones. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/software/new-chirp-tool-uses-audio-tones-to-transfer-data-between-devices/
-
Multiple Jenkins Vulnerabilities Allow Attackers to Expose Secrets
Jenkins, the widely used open-source automation server, issued a high-priority security advisory on March 5, 2025, disclosing four medium-severity vulnerabilities affecting its core platform. The flaws, tracked as CVE-2025-27622 through CVE-2025-27625, impact secrets management, cross-site request forgery (CSRF) protections, and URL validation. Immediate upgrades to Jenkins 2.500 (weekly) or 2.492.2 (LTS) are recommended to mitigate risks.…
-
Chainguard “FIPS” Apache Cassandra
Chainguard modified Cassandra so organizations needing FIPS-approved encryption can finally use it, without risky workarounds or costly custom fixes. Apache Cassandra is a powerful open-source database used by companies worldwide, but it wasn’t built with FIPS compliance in mind.
Why Is This a Big Deal?
Cassandra powers mission-critical systems for Netflix, Apple, and even the…
-
Fueling the Fight Against Identity Attacks
Tags: access, attack, business, cisco, cloud, conference, corporate, cyber, cybersecurity, exploit, identity, microsoft, open-source, penetration-testing, risk, service, software, technology, threat, tool, update
When we founded SpecterOps, one of our core principles was to build a company which brought unique insight into high-capability adversary tradecraft, constantly innovating in research and tooling. We aspired to set the cadence of the cyber security industry through a commitment to benefit our entire security community. Today, I am thrilled to announce that…
-
Chainguard’s FIPS-compliant Cassandra addresses security demand of federal and regulated markets
The new offering paves the way for orgs to use the widely popular open-source software with their highly sensitive data. First seen on cyberscoop.com Jump to article: cyberscoop.com/chainguard-fips-apache-cassandra-secure-by-design-open-source/
-
Fix Inventory: Open-source cloud asset inventory tool
Fix Inventory is an open-source tool for detecting compliance and security risks in cloud infrastructure accounts. It was built from the ground up for cloud-native … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/05/fix-inventory-open-source-cloud-asset-inventory-tool/
-
Interview with Solarwinds: Artificial intelligence, open source versus commercial
Artificial intelligence is optimizing, or even revolutionizing, work processes. But which solution should companies choose: open source or a commercial variant? Sascha Giese, Global Tech Evangelist, Observability at Solarwinds, explains in a remote interview with Netzpalaver the challenges companies face when making this decision. #Netzpalaver #Solarwinds Questions: 0:05: What are the biggest challenges for companies, […] First…
-
Bubba AI, Inc. is launching Comp AI to help 100,000 startups get SOC 2 compliant by 2032
Introducing Comp AI
Comp AI is an open-source alternative to GRC automation platforms like Vanta and Drata. The platform includes several key features designed to automate compliance with frameworks such as SOC 2:
A built-in risk register to help companies identify, document, and assess potential security risks
Out-of-the-box security policies for modern companies, complete with an AI-powered…
-
SIEM buyer's guide
Tags: access, ai, api, business, cloud, compliance, container, cyberattack, data, detection, DSGVO, encryption, framework, HIPAA, infrastructure, least-privilege, mail, microsoft, mitre, ml, monitoring, open-source, saas, service, siem, skills, soar, software, threat, tool
The contextual data that SIEM solutions deliver is a fundamental component of modern security stacks. Auditing, reviewing and managing log data is anything but a glamorous task, but it is a crucial aspect of building a secure corporate network. After all, event logs often create a secondary attack surface for cybercriminals who want to use them to conceal their activities. Network security experts counter processes like these…
-
Hackers Use ClickFix Trick to Deploy PowerShell-Based Havoc C2 via SharePoint Sites
Tags: api, communications, control, cybersecurity, framework, hacker, malware, microsoft, open-source, phishing, powershell, threat
Cybersecurity researchers are calling attention to a new phishing campaign that employs the ClickFix technique to deliver an open-source command-and-control (C2) framework called Havoc. “The threat actor hides each malware stage behind a SharePoint site and uses a modified version of Havoc Demon in conjunction with the Microsoft Graph API to obscure C2 communications within trusted,…
-
Is SimpleWall still safe? Open-source firewall for Windows possibly compromised
Is SimpleWall still safe? Users report a possible compromise of the popular open-source firewall. First seen on tarnkappe.info Jump to article: tarnkappe.info/artikel/it-sicherheit/ist-simplewall-noch-sicher-open-source-firewall-fuer-windows-moeglicherweise-kompromittiert-311068.html
-
Mozilla flamed by Firefox fans after promises to not sell their data go up in smoke
Open source browser maker ties itself up in legalese and explanations First seen on theregister.com Jump to article: www.theregister.com/2025/03/02/mozilla_introduces_terms_of_use/
-
Commix: Open-source OS command injection exploitation tool
Commix is an open-source penetration testing tool designed to automate the detection and exploitation of command injection vulnerabilities, streamlining security assessments … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/03/03/commix-open-source-os-command-injection-exploitation-tool/
-
11 Application Security Testing Types
As organizations accelerate their release cycles and rely on complex software ecosystems, security vulnerabilities become harder to track, and easier for attackers to exploit. From open-source dependencies to misconfigurations in production, security gaps can lead to data breaches, compliance failures, and costly downtime. First seen on securityboulevard.com Jump to article: securityboulevard.com/2025/03/11-application-security-testing-types/
-
Open Source Initiative defends disallowing board candidate after timezone SNAFU
Here’s another thing AI can do: Cause conflict around whether it’s compatible with the very idea of open source First seen on theregister.com Jump to article: www.theregister.com/2025/02/28/osi_election_ai_drama/