GitHub

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta

Application Security, GitHub, Vulnerabilities /

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta 2024-03-21 at 14:16 By Ionut Arghire GitHub’s code scanning autofix delivers remediation suggestions for two-thirds of the identified vulnerabilities. The post GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source

GitHub Rolls Out ‘Code Scanning Autofix’ in Public Beta Read More »

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software /

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs 2024-03-21 at 07:31 By Mirko Zorz WebCopilot is an open-source automation tool that enumerates a target’s subdomains and discovers bugs using various free tools. It simplifies the application security workflow and reduces reliance on manual scripting. “I built this solution to streamline the application security process, specifically

WebCopilot: Open-source automation tool enumerates subdomains, detects bugs Read More »

Lynis: Open-source security auditing tool

Don't miss, GitHub, Hot stuff, Linux, macOS, News, open source, scanning, software, Unix /

Lynis: Open-source security auditing tool 2024-03-19 at 06:06 By Mirko Zorz Lynis is a comprehensive open-source security auditing tool for UNIX-based systems, including Linux, macOS, and BSD. Hardening with Lynis Lynis conducts a thorough security examination of the system directly. Its main objective is to evaluate security measures and recommend enhancing system hardening. The tool

Lynis: Open-source security auditing tool Read More »

Quicmap: Fast, open-source QUIC protocol scanner

Don't miss, GitHub, networking, News, open source, penetration testing, scanning, software /

Quicmap: Fast, open-source QUIC protocol scanner 2024-03-18 at 12:01 By Mirko Zorz Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs. “As I started researching the QUIC protocol, I noticed that my favorite scanner had

Quicmap: Fast, open-source QUIC protocol scanner Read More »

90% of exposed secrets on GitHub remain active for at least five days

cybersecurity, Data leak, GitGuardian, GitHub, News, report, survey /

90% of exposed secrets on GitHub remain active for at least five days 2024-03-15 at 07:30 By Help Net Security 12.8 million new secrets occurrences were leaked publicly on GitHub in 2023, +28% compared to 2022, according to GitGuardian. Remarkably, the incidence of publicly exposed secrets has quadrupled since the company started reporting in 2021.

90% of exposed secrets on GitHub remain active for at least five days Read More »

MobSF: Open-source security research platform for mobile apps

Android, code analysis, cybersecurity, Don't miss, GitHub, Hot stuff, iOS, mobile, mobile apps, mobile devices, News, open source, software /

MobSF: Open-source security research platform for mobile apps 2024-03-14 at 07:30 By Mirko Zorz The Mobile Security Framework (MobSF) is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation. The Static Analyzer is adept

MobSF: Open-source security research platform for mobile apps Read More »

CloudGrappler: Open-source tool detects activity in cloud environments

AWS, Azure, Cado Security, cloud security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, Permiso, software /

CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and

CloudGrappler: Open-source tool detects activity in cloud environments Read More »

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA)

GitHub, MITRE, News, open source, software /

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The

OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »

New infosec products of the week: March 8, 2024

Check Point, Delinea, GitHub, News, Pentera, Sentra /

New infosec products of the week: March 8, 2024 2024-03-08 at 06:07 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Check Point, Delinea, Pentera, and Sentra. Delinea Privilege Control for Servers enforces least privilege principles on critical systems In Privilege Control for Servers, session

New infosec products of the week: March 8, 2024 Read More »

Tazama: Open-source real-time fraud management

Compliance, cybersecurity, fraud, GitHub, monitoring, News, open source, software, The Linux Foundation /

Tazama: Open-source real-time fraud management 2024-03-07 at 07:39 By Help Net Security Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide. Previously, the financial sector struggled with proprietary solutions that were both expensive and restrictive, impeding

Tazama: Open-source real-time fraud management Read More »

RiskInDroid: Open-source risk analysis of Android apps

Android, code analysis, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s

RiskInDroid: Open-source risk analysis of Android apps Read More »

GitHub push protection now on by default for public repositories

Data leak, Don't miss, GitHub, Hot stuff, News, open source /

GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret

GitHub push protection now on by default for public repositories Read More »

Securing software repositories leads to better OSS security

CISA, Don't miss, framework, GitHub, Hot stuff, Malware, News, open source, OpenSSF, PyPI /

Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s

Securing software repositories leads to better OSS security Read More »

New infosec products of the week: March 1, 2024

Exabeam, GitHub, Legato Security, News, Spin.AI, Viavi Solutions /

New infosec products of the week: March 1, 2024 2024-03-01 at 06:02 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from Legato Security, Exabeam, Spin.AI, and Viavi Solutions. Legato Security Ensemble helps organizations prevent breaches Ensemble addresses the challenges businesses face in securing their networks

New infosec products of the week: March 1, 2024 Read More »

BobTheSmuggler: Open-source tool for undetectable payload delivery

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software /

BobTheSmuggler: Open-source tool for undetectable payload delivery 2024-02-29 at 08:03 By Mirko Zorz BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding

BobTheSmuggler: Open-source tool for undetectable payload delivery Read More »

Web Check: Open-source intelligence for any website

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, OSINT, penetration testing, web analytics, web technologies /

Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,

Web Check: Open-source intelligence for any website Read More »

New infosec products of the week: February 23, 2024

GitHub, ManageEngine, Metomic, News, Pindrop, Truffle Security /

New infosec products of the week: February 23, 2024 2024-02-23 at 07:32 By Help Net Security Here’s a look at the most interesting products from the past week, featuring releases from ManageEngine, Metomic, Pindrop, and Truffle Security. Pindrop Pulse offers protection against audio deepfakes Pindrop Pulse’s ability to detect deepfakes provides organizations and their customers

New infosec products of the week: February 23, 2024 Read More »

TruffleHog: Open-source solution for scanning secrets

authentication, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, scanning, software /

TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was

TruffleHog: Open-source solution for scanning secrets Read More »

CVE Prioritizer: Open-source tool to prioritize vulnerability patching

CVE, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software /

CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your

CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »

5 free digital forensics tools to boost your investigations

computer forensics, cybersecurity, digital forensics, Don't miss, GitHub, Hot stuff, News, software /

5 free digital forensics tools to boost your investigations 2024-02-15 at 07:32 By Help Net Security Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it’s a key component of incident response. Additionally, digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.

5 free digital forensics tools to boost your investigations Read More »

Scroll to Top