GitHub

Raven: Open-source CI/CD pipeline security scanner

cybersecurity, Cycode, Don't miss, GitHub, News, open source, scanning /

Raven: Open-source CI/CD pipeline security scanner 27/10/2023 at 08:32 By Help Net Security Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed […]

React to this headline:

Loading spinner

Raven: Open-source CI/CD pipeline security scanner Read More »

GOAD: Vulnerable Active Directory environment for practicing attack techniques

Active Directory, cybersecurity, GitHub, Hot stuff, News, open source, penetration testing /

GOAD: Vulnerable Active Directory environment for practicing attack techniques 26/10/2023 at 07:01 By Mirko Zorz Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our

React to this headline:

Loading spinner

GOAD: Vulnerable Active Directory environment for practicing attack techniques Read More »

Wazuh: Free and open-source XDR and SIEM

Elastic, GitHub, News, open source, SIEM, software, XDR /

Wazuh: Free and open-source XDR and SIEM 24/10/2023 at 07:00 By Help Net Security Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and

React to this headline:

Loading spinner

Wazuh: Free and open-source XDR and SIEM Read More »

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT

cybersecurity, GitHub, Government, ICS/SCADA, News, NSA /

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT 17/10/2023 at 05:02 By Help Net Security Cyber entities continue to show a persistent interest in targeting critical infrastructure by taking advantage of vulnerable OT assets. To counter this threat, NSA has released a repository for OT Intrusion Detection Signatures and Analytics to the NSA

React to this headline:

Loading spinner

ELITEWOLF: NSA’s repository of signatures and analytics to secure OT Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

React to this headline:

Loading spinner

Yeti: Open, distributed, threat intelligence repository Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Chalk: Open-source software security and infrastructure visibility tool

Crash Override, cybersecurity, Don't miss, GitHub, News, software, software development /

Chalk: Open-source software security and infrastructure visibility tool 03/10/2023 at 06:32 By Mirko Zorz Chalk is a free, open-source tool that helps improve software security. You add a single line to your build script, and it will automatically collect and inject metadata into every build artifact: source code, binaries, and containers. Gaining visibility Chalk enables

React to this headline:

Loading spinner

Chalk: Open-source software security and infrastructure visibility tool Read More »

Securing GitHub Actions for a safer DevOps pipeline

CISA, Cloud, cloud security, credentials, cybersecurity, DevOps, Don't miss, Features, GitHub, Hot stuff, Kubernetes, monitoring, News, NSA, open source, opinion, StepSecurity /

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

React to this headline:

Loading spinner

Securing GitHub Actions for a safer DevOps pipeline Read More »

Stolen GitHub Credentials Used to Push Fake Dependabot Commits

Application Security, GitHub /

Stolen GitHub Credentials Used to Push Fake Dependabot Commits 27/09/2023 at 17:17 By Ionut Arghire Threat actors have been using stolen GitHub personal access tokens to push malicious code posing as Dependabot contributions. The post Stolen GitHub Credentials Used to Push Fake Dependabot Commits appeared first on SecurityWeek. This article is an excerpt from SecurityWeek

React to this headline:

Loading spinner

Stolen GitHub Credentials Used to Push Fake Dependabot Commits Read More »

Network Flight Simulator: Open-source adversary simulation tool

AlphaSOC, cybersecurity, Don't miss, GitHub, News, research, software /

Network Flight Simulator: Open-source adversary simulation tool 27/09/2023 at 06:31 By Mirko Zorz Network Flight Simulator is a lightweight utility that generates malicious network traffic and helps security teams evaluate security controls and network visibility. The tool performs tests to simulate DNS tunneling, DGA traffic, requests to known active C2 destinations, and other suspicious traffic

React to this headline:

Loading spinner

Network Flight Simulator: Open-source adversary simulation tool Read More »

Exela Stealer Spotted Targeting Social Media Giants

Discord, Discord Injection, Exela Stealer, Fake Error Message, GetIcon, GitHub, Keylogger, Open source stealer, PumpFile, Startup, Stealer, Telegram, Threat Actor, VM Machine /

Exela Stealer Spotted Targeting Social Media Giants 26/09/2023 at 16:31 By cybleinc Cyble Research and intelligence labs analyzes the latest version of Exela Stealer, observed targeting Social Media and gaming platforms. The post Exela Stealer Spotted Targeting Social Media Giants appeared first on Cyble. This article is an excerpt from Cyble View Original Source React

React to this headline:

Loading spinner

Exela Stealer Spotted Targeting Social Media Giants Read More »

BinDiff: Open-source comparison tool for binary files

Don't miss, GitHub, Google, News, software /

BinDiff: Open-source comparison tool for binary files 25/09/2023 at 13:01 By Help Net Security BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. It was made open source today. With BinDiff, you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and

React to this headline:

Loading spinner

BinDiff: Open-source comparison tool for binary files Read More »

LLM Guard: Open-source toolkit for securing Large Language Models

Artificial Intelligence, ChatGPT, Don't miss, GitHub, News, open source /

LLM Guard: Open-source toolkit for securing Large Language Models 19/09/2023 at 07:34 By Mirko Zorz LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection

React to this headline:

Loading spinner

LLM Guard: Open-source toolkit for securing Large Language Models Read More »

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages

Artificial Intelligence, cloud security, Data Exposure, GitHub, Microsoft, Supply Chain Security, Wiz /

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages 18/09/2023 at 21:18 By Ryan Naraine Exposed data includes backup of employees workstations, secrets, private keys, passwords, and over 30,000 internal Microsoft Teams messages. The post Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages appeared first on

React to this headline:

Loading spinner

Microsoft AI Researchers Expose 38TB of Data, Including Keys, Passwords and Internal Messages Read More »

Emerging Threat: Understanding the PySilon Discord RAT’s Versatile Features

GitHub, Malware, phishing, PySilon RAT, telecommunications, Threat Actors, trojan /

Emerging Threat: Understanding the PySilon Discord RAT’s Versatile Features 18/09/2023 at 18:09 By cybleinc Cyble Research and Intelligence Labs analyzes the Emerging PySilon Discord RAT and Explores its Versatile functionalities. The post Emerging Threat: Understanding the PySilon Discord RAT’s Versatile Features appeared first on Cyble. This article is an excerpt from Cyble View Original Source

React to this headline:

Loading spinner

Emerging Threat: Understanding the PySilon Discord RAT’s Versatile Features Read More »

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers

Don't miss, GitHub, hardware, News /

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers 12/09/2023 at 06:02 By Help Net Security Bruschetta-Board is a device for all hardware hackers looking for a fairly-priced all-in-one debugger and programmer that supports UART, JTAG, I2C & SPI protocols and allows to interact with different targets’ voltages (i.e., 1.8, 2.5, 3.3 and 5 Volts!). A

React to this headline:

Loading spinner

Bruschetta-Board: Multi-protocol Swiss Army knife for hardware hackers Read More »

MITRE Caldera for OT now available as extension to open-source platform

CISA, critical infrastructure, DHS, GitHub, HSSEDI, MITRE, News, open source, USA /

MITRE Caldera for OT now available as extension to open-source platform 06/09/2023 at 09:32 By Help Net Security MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first

React to this headline:

Loading spinner

MITRE Caldera for OT now available as extension to open-source platform Read More »

Reaper: Open-source reconnaissance and attack proxy workflow automation

Don't miss, Ghost Security, GitHub, News, open source, software /

Reaper: Open-source reconnaissance and attack proxy workflow automation 05/09/2023 at 06:01 By Mirko Zorz Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it’s already capable of

React to this headline:

Loading spinner

Reaper: Open-source reconnaissance and attack proxy workflow automation Read More »

GitHub Enterprise Server Gets New Security Capabilities

Application Security, GitHub /

GitHub Enterprise Server Gets New Security Capabilities 30/08/2023 at 15:31 By Ionut Arghire GitHub Enterprise Server 3.10 released with additional security capabilities, including support for custom deployment rules. The post GitHub Enterprise Server Gets New Security Capabilities appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original Source React to

React to this headline:

Loading spinner

GitHub Enterprise Server Gets New Security Capabilities Read More »

Scroll to Top