Tag: open-source
-
SafeLine: Open-source web application firewall (WAF)
SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. SafeLine WAF was created to protect web … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/safeline-open-source-web-application-firewall-waf/
-
70% of open-source components are poorly or no longer maintained
The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/open-source-contributions-risks/
-
Discover the future of Linux security
Explore open source strategies to safeguard critical systems and data First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/discover_the_future_of_linux/
-
Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams
Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/03/nextcloud-talk-open-source-microsoft-teams-alternative/
-
Critical Vulnerability Found in Zabbix Network Monitoring Tool
A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise. First seen on securityweek.com Jump to article: www.securityweek.com/critical-vulnerability-found-in-zabbix-network-monitoring-tool/
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Check Point discovers typosquatting campaign on PyPI
For security professionals, it is important to point out the inherent risk associated with open-source components, also in view of the… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-typosquatting-kampagne-ueber-pypi/a36934/
-
Logpoint comments on the XZ Utils vulnerability in the software supply chain
Overall, the incident underscores the need for increased attention to the security aspects of open-source software and the… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/logpoint-kommentiert-xz-utils-sicherheitsluecke-in-der-software-supply-chain/a37025/
-
JFrog promotes secure AI development with integration of Databricks MLflow
The new JFrog Artifactory integration offers developers and data scientists an open-source software solution for the development of ML models … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-foerdert-sichere-ki-entwicklung-mit-integration-von-databricks-mlflow/a37220/
-
Sysdig helps AWS customers comply with AI policies
Sysdig, known for developing Falco, the open-source standard for cloud threat detection, underscores the importance of a rapid… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/sysdig-unterstuetzt-aws-kunden-bei-der-einhaltung-von-ki-richtlinien/a37639/
-
SpaceNet offers new cloud solution based on KVM open-source technology
One of the biggest differentiators between SpaceNet and the hyperscalers is its pronounced service mentality. The integration of a cloud… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/spacenet-bietet-neue-cloud-loesung-auf-basis-der-kvm-open-source-technologie/a37932/
-
Venafi publishes research report on the risks of AI-generated and open-source code
New Venafi study shows that development driven by AI and open source puts security at risk; many security leaders want AI code… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/venafi-veroeffentlicht-forschungsbericht-ueber-risiken-von-ki-generiertem-und-open-source-code/a38359/
-
Tanium comments on the use of open-source software and its dangers
In view of increasing cyber threats, a proactive and holistic approach to IT security is essential. Modern security… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tanium-kommentiert-de-nutzung-von-open-source-software-und-deren-gefahren/a38641/
-
Can open-source software be secure?
First seen on welivesecurity.com Jump to article: www.welivesecurity.com/de/we-live-progress/kann-open-source-software-sicher-sein/
-
Penetration Testing on MYSQL (Port 3306)
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, usin… First seen on hackingarticles.in Jump to article: www.hackingarticles.in/penetration-testing-on-mysql-port-3306/
-
Solana Program Security Part1
Solana is a web-scale, open-source blockchain protocol that is fast, secure, and fully decentralized. The protocol introduces eight core technologies … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/
-
GPG Memory Forensics
Pretty Good Privacy (PGP) and the open source implementation GNU Privacy Guard (GPG) are encryption solutions following the OpenPGP standard. Even if … First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2022/06/16/gpg-memory-forensics/
-
Presenting zekrom: A library of arithmetization-oriented constructions for zk-SNARK circuits. Part 2: Halo2
zekrom is an open-source library of arithmetization-oriented constructions for zkSNARK circuits. It was created as part of the MSc thesis work of Laur… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/07/04/presenting-zekrom-a-library-of-arithmetization-oriented-constructions-for-zk-snark-circuits-part-2-halo2/
-
Presenting zekrom: a library of arithmetization-oriented constructions for zkSNARK circuits. Part 1: arkworks-rs
zekrom is an open-source library of arithmetization-oriented constructions for zkSNARK circuits. It was created as part of the MSc thesis work of Laur… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/05/30/presenting-zekrom-a-library-of-arithmetization-oriented-constructions-for-zksnark-circuits-part-1-arkworks-rs/
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
Kudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
The KyberSlash vulnerability and the crystals-go library: A retrospective story
In this blog post we are going to talk about a security incident which involved an open-source library developed by a student working on
-
The Hidden Dangers in Open Source Libraries: A Closer Look at the Malicious Go Binary Hidden in a PyPI Package
First seen on thefinalhop.com Jump to article: www.thefinalhop.com/the-hidden-dangers-in-open-source-libraries-a-closer-look-at-the-malicious-go-binary-hidden-in-a-pypi-package/
-
CVE-2024-3094: Malicious Code in XZ Utils Enables RCE on Linux Systems
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) ca… First seen on sensorstechforum.com Jump to article: sensorstechforum.com/cve-2024-3094-xz-utils-linux/
-
Cybercriminals abuse the Godot gaming engine for malicious-code attacks
The use of the Godot engine by cybercriminals shows how open-source software can be misused for malicious purposes. Attacks like these pose a serious threat to developers and players and highlight the need for security awareness in the gaming industry. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/cyberkriminelle-missbrauchen-die-gaming-godot-engine-fuer-schadcode-angriffe/a39105/
-
How video game engines are misused for hacking
Check Point Software Technologies has uncovered a new hacker scheme. Using the gaming engine, cybercriminals can attack various operating systems of networked devices, including Windows, macOS, Linux, Android and iOS. The malicious code is distributed via the open-source platform GitHub by the malware network , which Check Point investigated a few months ago. […] First seen on…
-
Popular game script spoofed to infect thousands of game developers
A malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious code and has dropped known malware on at least 17,000 machines. Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720.…
-
ProjectSend Authentication Vulnerability Exploited in the Wild
ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the recent assignment of CVE-2024-11680 on November 25, 2024. Despite the availability of a patch for more than a year, adoption rates remain alarmingly low, leaving many instances vulnerable to attack. ProjectSend Authentication Vulnerability ProjectSend is moderately popular, with nearly 1,500…
-
Why Reachability Analysis is the Next Wave of Innovation for Software Composition Analysis (SCA)
The 2024 Open Source Security and Risk Analysis (OSSRA) report by Black Duck Software (ex Synopsys Software Integrity Group) found that 96% of applications contain open-source components, with an average of 526 components per application. Hence, it becomes critical to use a modern Software Composition Analysis (SCA) solution to manage large volumes of open-source components…
-
Cybersecurity Alert: MUT-8694 Supply Chain Attack Targets npm and PyPI Ecosystems
The open-source ecosystem has once again become the battleground for cybercriminals, as Datadog’s Security Research team uncovered a coordinated supply chain attack by an enigmatic threat actor designated MUT-8694. Leveraging... First seen on securityonline.info Jump to article: securityonline.info/cybersecurity-alert-mut-8694-supply-chain-attack-targets-npm-and-pypi-ecosystems/

