Tag: open-source
-
OpenSSL patched high-severity flaw CVE-2024-12797
OpenSSL patched the vulnerability CVE-2024-12797, a high-severity flaw found by Apple that enables man-in-the-middle attacks. The OpenSSL Project addressed a high-severity vulnerability, tracked as CVE-2024-12797, in its secure communications library. The OpenSSL software library allows secure communications over computer networks against eavesdropping or need to identify the party at the other end. OpenSSL contains an open-source implementation…
-
World Economic Forum Annual Meeting 2025: Takeaways, reflections, and learnings for the future
Tags: attack, best-practice, ceo, cyber, cyberattack, cybercrime, cybersecurity, finance, fortinet, group, intelligence, international, law, lessons-learned, mitigation, open-source, organized, risk, strategy, tactics, technology, threatIncreasingly sophisticated threat actors in the evolving cybersecurity landscape In a world where cybercriminals often operate with a level of efficiency mirroring that of Fortune 500 companies, it is essential that we look to ways we can better collaborate to counter them. Unfortunately, there is still a lot of room for improvement; in 2023, 87%…
-
Small praise for modern compilers – A case of Ubuntu printing vulnerability that wasn’t
By Aleksandar NikolichEarlier this year, we conducted code audits of the macOS printing subsystem, which is heavily based on the open-source CUPS package. During this investigation, IPP-USB protocol caught our attention. IPP over USB specification defines how printers that are available over USB can only still support network printing First seen on blog.talosintelligence.com Jump to…
-
Beelzebub: Open-source honeypot framework
Beelzebub is an open-source honeypot framework engineered to create a secure environment for detecting and analyzing cyber threats. It features a low-code design for seamless … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/10/beelzebub-open-source-honeypot-framework/
-
‘Maybe the problem is you’ … Linus Torvalds wades into Linux kernel Rust driver drama
Open source project chief hits out at ‘social media brigading’ First seen on theregister.com Jump to article: www.theregister.com/2025/02/07/linus_torvalds_rust_driver/
-
French AI Action Summit, What Can We Expect?
Summit to Focus on Open-Source, AI Governance and Development. The historic presidential Élysée Palace in Central Paris will host world leaders, tech CEOs and researchers for the French AI Action Summit, a two-day event that will commence on Monday. U.S. Vice President JD Vance, OpenAI CEO Sam Altman and Google’s Sundar Pichai will be on…
-
Asian Governments Rush to Ban DeepSeek Over Privacy Concerns
Governments Are Skeptical of Chinese A1 Platform’s Data Security Controls. Countries across Asia are racing to ban government officials, national agencies and critical infrastructure organizations from using Chinese artificial intelligence company DeepSeek’s open-source chatbot application, citing data security and privacy risks. First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/asian-governments-rush-to-ban-deepseek-over-privacy-concerns-a-27476
-
Attackers hide malicious code in Hugging Face AI model Pickle files
Tags: ai, data, github, malicious, ml, open-source, programming, remote-code-execution, risk, service, software, threat, tool, vulnerabilityLike all repositories of open-source software in recent years, AI model hosting platform Hugging Face has been abused by attackers to upload trojanized projects and assets with the goal of infecting unsuspecting users. The latest technique observed by researchers involves intentionally broken but poisoned Python object serialization files called Pickle files.Often described as the GitHub…
-
ISMG Editors: AI Security Wake-Up Call From DeepSeek
Tags: ai, api, ciso, data, data-breach, governance, leak, open-source, risk, risk-management, vulnerabilityAlso: Addressing AI Vulnerabilities and Governance Challenges. DeepSeek, an advanced open-source AI model, is under scrutiny for its safety guardrails failing multiple security tests and a data leak that exposed user information and API keys. Sam Curry, CISO at Zscaler, discusses AI security, risk management and upcoming U.S. policy changes. First seen on govinfosecurity.com Jump…
-
BSI-Analyse von OSS Nextcloud legt Schwachstellen offen
Spannende Geschichte. Das Bundesamt für Sicherheit in der Informationstechnik (BSI) hat die Open Source Kollaborationssoftware Nextcloud im Hinblick auf ihre Sicherheitseigenschaften untersucht. Dabei wurden mehrere Schwachstellen identifiziert. Unter anderem hätte sich die Zweifaktor-Authentifizierung umgehen lassen. Nextcloud ist eine auf einem … First seen on borncity.com Jump to article: www.borncity.com/blog/2025/02/07/bsi-analyse-von-oss-nextcloud-legt-schwachstellen-offen/
-
Ghidra 11.3 Released A Major Update to NSA’s Open-Source Tool
Tags: cyber, cybersecurity, linux, macOS, open-source, reverse-engineering, software, tool, update, windowsThe National Security Agency (NSA) has officially released Ghidra 11.3, the latest iteration of its open-source software reverse engineering (SRE) framework. Known for its robust capabilities in analyzing compiled code across multiple platforms, including Windows, macOS, and Linux, this release introduces significant enhancements aimed at improving performance and usability for cybersecurity professionals. One of the…
-
Security-Insider Podcast Folge 96 – Digitale Souveränität stärken mit oder ohne Open Source
Tags: open-sourceFirst seen on security-insider.de Jump to article: www.security-insider.de/podcast-96-digitale-souveraenitaet-deutschland-open-source-a-ad9cae7ee8fa13fae9f529b343930e17/
-
Ghidra 11.3 released: New features, performance improvements, bug fixes
NSA’s Research Directorate released version 11.3 of Ghidra, an open-source software reverse engineering (SRE) framework. It offers advanced analysis tools, enabling users to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/07/ghidra-11-3-released-new-features-performance-improvements-bug-fixes/
-
North Korean Hackers Use custom-made RDP Wrapper to activate remote desktop on Hacked Machines
In a concerning development, the North Korean-backed hacking group Kimsuky has intensified its use of custom-built tools to exploit Remote Desktop Protocol (RDP) for controlling compromised systems. AhnLab Security Intelligence Center (ASEC) reports that the group has developed a proprietary version of the open-source RDP Wrapper to enable remote desktop access on machines where this…
-
Mixing Rust and C in Linux likened to cancer by kernel maintainer
Some worry multi-lang codebase makes it harder to maintain open source uber-project, others disagree First seen on theregister.com Jump to article: www.theregister.com/2025/02/05/mixing_rust_and_c_linux/
-
Open-Source AI: Power Shift or Pandora’s Box?
Could Open-Source AI Redefine the Future? Here’s What Experts Say. Open-source AI is shaking up the industry, challenging traditional large and small language models and raising new security concerns. With DeepSeek-R1 leading the charge, experts weigh in on the risks, rewards and the future of AI monetization. Is the future of AI open – or…
-
IBM Cloud Pak Security Vulnerabilities Expose Sensitive Data to Attackers
IBM recently disclosed a series of significant security vulnerabilities in its Cloud Pak for Business Automation platform, raising alarms about the potential exposure of sensitive data to malicious actors. The security issues, detailed in an official bulletin published on February 4, 2025, affect multiple versions of the Cloud Pak ecosystem and associated open-source components. Vulnerabilities…
-
Weaponized Go Package Module Let Attackers Gain Remote Access to Infected Systems
Tags: access, attack, backdoor, cyber, cybersecurity, malicious, open-source, software, supply-chain, threatIn a significant software supply chain attack, cybersecurity researchers uncovered a malicious Go package that impersonates the widely trusted BoltDB database module. The typosquat packagegithub.com/boltdb-go/bolt was found to include a backdoor enabling remote access to infected systems, allowing attackers to execute arbitrary commands. This discovery underscores the growing sophistication of threats targeting open-source ecosystems. The…
-
Anfällig durch Open Source – So könnten Cyberkriminelle DeepSeek für Angriffe nutzen
First seen on security-insider.de Jump to article: www.security-insider.de/datenschutzrisiken-missbrauch-deepseek-ki-a-d459c8597c3b958b2cae648a324a93c4/
-
OpenNHP: Cryptography-driven zero trust protocol
OpenNHP is the open-source implementation of NHP (Network-resource Hiding Protocol), a cryptography-based zero trust protocol for safeguarding servers and data. OpenNHP offers … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/05/opennhp-cryptography-driven-zero-trust-protocol/
-
New trojan hijacks Linux and IoT devices
There’s a new trojan on the block, one that specifically targets network appliances and internet of things (IoT) devices running the open-source Linux operating system.FortiGuard Labs has identified a new malware kit, dubbed “ELF/Sshdinjector.A!tr”, that has the ability to infect and remotely control systems, establish root privilege, maintain malware presence, exfiltrate data such as user…
-
New PyPI Archiving System Aims to Curb Open-Source Security Risks
First seen on scworld.com Jump to article: www.scworld.com/brief/new-pypi-archiving-system-aims-to-curb-open-source-security-risks
-
Russian SmokeLoader Campaign in Ukraine Uses 7-Zip Zero-Day
Tags: credentials, cybercrime, espionage, government, hacker, open-source, russia, ukraine, vulnerability, zero-dayEspionage and Cybercrime Campaign Tied to 7-Zip Mark-of-the-Web Bypass Hits. Russian hackers targeting Ukrainian government agencies and businesses – including a major automotive manufacturer – have been targeting a zero-day vulnerability in the open source and widely used 7-Zip archive utility, to infect systems with credential-stealing SmokeLoader malware. First seen on govinfosecurity.com Jump to article:…
-
Russian cybercrooks exploiting 7-Zip zero-day vulnerability (CVE-2025-0411)
CVE-2025-0411, a Mark-of-the-Web bypass vulnerability in the open-source archiver tool 7-Zip that was fixed in November 2024, has been exploited in zero-day attacks to deliver … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/02/04/russian-cybercrooks-exploited-7-zip-zero-day-vulnerability-cve-2025-0411/
-
Studie: Cyberkriminelle überraschend KI-skeptisch
Eine aktuelle Analyse von Cybercrime-Foren zeigt: Trotz aller Befürchtungen setzen Kriminelle Künstliche Intelligenz bislang nur begrenzt für ihre Angriffe ein. Doch das könnte sich bald ändern. Mit ‘DeepSeek” taucht ein neues KI-gestütztes Tool auf, das als Open Source frei verfügbar ist und so möglicherweise zur willkommenen Beute für Cyberkriminelle wird. First seen on itsicherheit-online.com Jump…
-
Multiple Flaws in Dell PowerProtect Allow System Compromise
Dell has released a Critical Security Update (DSA-2025-022) for its PowerProtect Data Domain (DD) systems to address multiple vulnerabilities that could allow attackers to compromise affected systems. These vulnerabilities, identified in various components and open-source dependencies, highlight the importance of timely patching to safeguard enterprise data protection environments. Impact of the Disclosed Vulnerabilities The vulnerabilities include seven…
-
Roundcube XSS Flaw Allows Attackers to Inject Malicious Files
A critical Cross-Site Scripting (XSS) vulnerability has been discovered in the popular open-source webmail client,Roundcube, potentially exposing users to serious security risks. Tracked as CVE-2024-57004, the flaw affects Roundcube Webmail version 1.6.9 and allows remote authenticated users to upload malicious files disguised as email attachments. Once the malicious file is uploaded, the vulnerability can be triggered when the…
-
New PyPI project archiving system aims to curb open-source security risks
First seen on scworld.com Jump to article: www.scworld.com/brief/new-pypi-project-archiving-system-aims-to-curb-open-source-security-risks