Tag: open-source
-
Hottest cybersecurity open-source tools of the month: November 2024
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/27/open-source-cybersecurity-tools-november-2024/
-
New Sysdig CEO: Focus on Falco, AI and Fast Threat Response
New Sysdig CEO Bill Welch Aims to Expand Real-Time Response and GSI Partnerships. New CEO Bill Welch discusses Sysdig’s cloud security strategy, emphasizing AI, open-source leadership with Falco, and expansion plans to serve SMBs and midmarket businesses. He shares goals for real-time response and building a sustainable, profitable company. First seen on govinfosecurity.com Jump to…
-
Starbucks operations hit after ransomware attack on supply chain software vendor
Tags: ai, attack, ceo, control, crowdstrike, cybersecurity, hacker, monitoring, open-source, privacy, programming, radius, ransomware, risk, risk-assessment, service, software, supply-chain, tool, vulnerability
Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company’s ability to process employee schedules and payroll, according to Reuters. Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack. “Blue Yonder experienced disruptions to…
-
Weaponized pen testers are becoming a new hacker staple
Tags: access, attack, cloud, credentials, defense, google, hacker, iam, intelligence, linux, macOS, malicious, malware, microsoft, open-source, password, penetration-testing, RedTeam, software, strategy, threat, tool, vulnerability, windows
Malicious adaptations of popular red teaming tools like Cobalt Strike and Metasploit are causing substantial disruption, emerging as a dominant strategy in malware campaigns. According to research by threat-hunting firm Elastic, known for its search-powered solutions, these two conventional penetration testing tools were weaponized to account for almost half of all malware activities in 2024. “The most…
-
Walking the Walk: How Tenable Embraces Its “Secure by Design” Pledge to CISA
Tags: access, application-security, attack, authentication, best-practice, business, cisa, cloud, conference, container, control, credentials, cve, cvss, cyber, cybersecurity, data, data-breach, defense, exploit, Hardware, identity, infrastructure, injection, Internet, leak, lessons-learned, mfa, open-source, passkey, password, phishing, risk, saas, service, siem, software, sql, strategy, supply-chain, theft, threat, tool, update, vulnerability, vulnerability-management
As a cybersecurity leader, Tenable was proud to be one of the original signatories of CISA’s “Secure by Design” pledge earlier this year. Our embrace of this pledge underscores our commitment to security-first principles and reaffirms our dedication to shipping robust, secure products that our users can trust. Read on to learn how we’re standing…
-
Faux ChatGPT, Claude API Packages Deliver JarkaStealer
Attackers are betting that the hype around generative AI (GenAI) is attracting less technical, less cautious developers who might be more inclined to download an open source Python code package for free access, without vetting it or thinking twice. First seen on darkreading.com Jump to article: www.darkreading.com/application-security/faux-chatgpt-claude-api-packages-jarkastealer
-
Admins better Spring into action over latest critical open source vuln
Tags: open-source
First seen on theregister.com Jump to article: www.theregister.com/2024/10/29/admins_spring_into_action_over/
-
Is a security time bomb ticking in freely available open-source software?
Open source: Reports that cybercriminals are infiltrating open-source software with dangerous exploits or backdoors are becoming more frequent. Is a security time bomb ticking in freely available software? How can developers in particular protect themselves against dangerous backdoors or malware? Netzpalaver has collected a number of statements on this question from the Netzpalaver community, which will be published successively below. Statement by Harold Butzbach, Sysdig Statement […]…
-
In the context of CRA implementation, manufacturers face an open-source trap
Tags: open-source
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/kontext-cra-umsetzung-drohung-hersteller-open-source-falle
-
MSSP Market Update: Google’s AI Boost Identifies 26 New Vulnerabilities in Open-Source Projects
First seen on scworld.com Jump to article: www.scworld.com/news/mssp-market-update-googles-ai-boost-identifies-26-new-vulnerabilities-in-open-source-projects
-
Google AI Tool Finds 26 Bugs in Open-Source Projects
One Vulnerability Had Been Undiscovered for Two Decades, Researchers Said. Google researchers used an AI-powered fuzzing tool to identify 26 vulnerabilities in open-source code repositories, some of which had been lurking undiscovered for several decades. Each was found with AI, using AI-generated and enhanced fuzz targets, Google said. First seen on govinfosecurity.com Jump to article:…
-
Cybersecurity Snapshot: Prompt Injection and Data Disclosure Top OWASP’s List of Cyber Risks for GenAI LLM Apps
Tags: access, advisory, ai, application-security, attack, backup, best-practice, breach, cisa, cloud, computer, cve, cyber, cyberattack, cybercrime, cybersecurity, data, exploit, extortion, firewall, framework, governance, government, group, guide, Hardware, incident, incident response, infrastructure, injection, intelligence, Internet, LLM, malicious, microsoft, mitigation, mitre, monitoring, network, nist, office, open-source, powershell, privacy, ransomware, regulation, risk, risk-management, russia, service, skills, software, sql, strategy, supply-chain, tactics, technology, theft, threat, tool, update, vulnerability, vulnerability-management, windows
Don’t miss OWASP’s update to its “Top 10 Risks for LLMs” list. Plus, the ranking of the most harmful software weaknesses is out. Meanwhile, critical infrastructure orgs have a new framework for using AI securely. And get the latest on the BianLian ransomware gang and on the challenges of protecting water and transportation systems against…
-
Proxmox Virtual Environment 8.3: SDN-firewall integration, faster container backups, and more!
The Proxmox Virtual Environment 8.3 enterprise virtualization solution features management tools and a user-friendly web interface, allowing you to deploy open-source … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/22/open-source-proxmox-virtual-environment-8-3-released/
-
AI and Open Source Security: The Critical Role of AI-Powered Fuzzing in Finding Flaws
Google initiative First seen on thecyberexpress.com Jump to article: thecyberexpress.com/ai-in-fuzzing-uncovers-vulnerabilities/
-
Google’s AI-Powered OSS-Fuzz Tool Finds 26 Vulnerabilities in Open-Source Projects
Google has revealed that its AI-powered fuzzing tool, OSS-Fuzz, has been used to help identify 26 vulnerabilities in various open-source code repositories, including a medium-severity flaw in the OpenSSL cryptographic library. “These particular vulnerabilities represent a milestone for automated vulnerability finding: each was found with AI, using AI-generated and enhanced fuzz targets,” First seen on thehackernews.com…
-
AxoSyslog: Open-source scalable security data processor
AxoSyslog is a syslog-ng fork, created and maintained by the original creator of syslog-ng, Balazs Scheidler, and his team. “We first started by making syslog-ng more … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/21/axosyslog-open-source-scalable-security-data-processor/
-
GitHub Secure Open Source Fund: Project maintainers, apply now!
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/open-source-security-funding/
-
GitHub Launches Fund to Improve Open Source Project Security
GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/github-launches-fund-to-improve-open-source-project-security/
-
RIIG Launches With Risk Intelligence Solutions
RIIG is a risk intelligence and cybersecurity solutions provider offering open-source intelligence solutions designed for zero-trust environments. First seen on darkreading.com Jump to article: www.darkreading.com/cyber-risk/riig-launches-risk-intelligence-solutions
-
Debunking myths about open-source security
In this Help Net Security interview, Stephanie Domas, CISO at Canonical, discusses common misconceptions about open-source security and how the community can work to dispel … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/stephanie-domas-canonical-open-source-maturity/
-
GitHub launches $1.25M open source fund with a focus on security
The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
Introduction: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
Open-source vulnerability scanner can protect domain controllers: scanning Active Directory for security vulnerabilities with OpenVAS
Tags: open-source
First seen on security-insider.de Jump to article: www.security-insider.de/active-directory-mit-openvas-auf-sicherheitsluecken-untersuchen-a-e8d9e6fb316f793be84ad448116605de/
-
Open-Source Security Tools are Free… And Other Lies We Tell Ourselves
The most expensive security tool isn’t the one you pay for – it’s the one that fails when you need it most. Just ask those 110,000 websites that thought they were saving money. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/11/open-source-security-tools-are-free-and-other-lies-we-tell-ourselves/
-
AlmaLinux 9.5 released: Security updates, new packages, and more!
AlmaLinux is a free, open-source, enterprise-grade Linux distribution. Governed and owned by the community, it offers a production-ready platform with binary compatibility to … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/almalinux-9-5-teal-serval-released/
-
Open-source and free Android password managers that prioritize your privacy
We’re often told to use strong, unique passwords, especially for important accounts like email, banking, and social media. However, managing different passwords for numerous … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/19/open-source-free-android-password-managers/
-
ScubaGear: Open-source tool to assess Microsoft 365 configurations for security gaps
ScubaGear is an open-source tool the Cybersecurity and Infrastructure Security Agency (CISA) created to automatically evaluate Microsoft 365 (M365) configurations for … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/18/scubagear-open-source-tool-assess-microsoft-365-security/
-
How to make open source software more secure
Earlier this year, a Microsoft developer realized that someone had inserted a backdoor into the code of open source utility XZ Utils, which is used in… First seen on techcrunch.com Jump to article: techcrunch.com/2024/11/01/how-to-make-open-source-software-more-secure/

