open source

Wazuh: Free and open-source XDR and SIEM

Wazuh: Free and open-source XDR and SIEM 24/10/2023 at 07:00 By Help Net Security Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and […]

React to this headline:

Loading spinner

Wazuh: Free and open-source XDR and SIEM Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure 13/10/2023 at 13:32 By Eduard Kovacs Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Read More »

Yeti: Open, distributed, threat intelligence repository

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

React to this headline:

Loading spinner

Yeti: Open, distributed, threat intelligence repository Read More »

US Government Releases Security Guidance for Open Source Software in OT, ICS

US Government Releases Security Guidance for Open Source Software in OT, ICS 11/10/2023 at 17:02 By Ionut Arghire CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS. The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first

React to this headline:

Loading spinner

US Government Releases Security Guidance for Open Source Software in OT, ICS Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol 05/10/2023 at 15:31 By Eduard Kovacs The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.  The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol Read More »

The root cause of open-source risk

The root cause of open-source risk 05/10/2023 at 06:02 By Help Net Security 2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

React to this headline:

Loading spinner

The root cause of open-source risk Read More »

GenAI in software surges despite risks

GenAI in software surges despite risks 03/10/2023 at 07:05 By Help Net Security In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders,

React to this headline:

Loading spinner

GenAI in software surges despite risks Read More »

Silverfort Open Sources Lateral Movement Detection Tool

Silverfort Open Sources Lateral Movement Detection Tool 02/10/2023 at 12:16 By Ionut Arghire Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions. The post Silverfort Open Sources Lateral Movement Detection Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Silverfort Open Sources Lateral Movement Detection Tool Read More »

Securing GitHub Actions for a safer DevOps pipeline

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

React to this headline:

Loading spinner

Securing GitHub Actions for a safer DevOps pipeline Read More »

5 free vulnerability scanners you should check out

5 free vulnerability scanners you should check out 26/09/2023 at 08:02 By Help Net Security Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive measure to anticipate potential attacker entry points. The

React to this headline:

Loading spinner

5 free vulnerability scanners you should check out Read More »

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) 22/09/2023 at 13:31 By Helga Labus GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. They flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the

React to this headline:

Loading spinner

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) Read More »

You can build your own Trezor, but here’s the price — DIY wallet engineer

You can build your own Trezor, but here’s the price — DIY wallet engineer 21/09/2023 at 14:02 By Cointelegraph By Helen Partz An electronics design manager who made his own Trezor One has assessed the difficulty of building a DIY crypto wallet from scratch. This article is an excerpt from Cointelegraph.com News View Original Source

React to this headline:

Loading spinner

You can build your own Trezor, but here’s the price — DIY wallet engineer Read More »

LLM Guard: Open-source toolkit for securing Large Language Models

LLM Guard: Open-source toolkit for securing Large Language Models 19/09/2023 at 07:34 By Mirko Zorz LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection

React to this headline:

Loading spinner

LLM Guard: Open-source toolkit for securing Large Language Models Read More »

PostgreSQL 16: Where enhanced security meets high performance

PostgreSQL 16: Where enhanced security meets high performance 18/09/2023 at 06:03 By Help Net Security PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. Its reputation is solid for its reliability, extensive features, and high performance. PostgreSQL 16 enhances its performance through significant upgrades in query

React to this headline:

Loading spinner

PostgreSQL 16: Where enhanced security meets high performance Read More »

Generative AI lures DevOps and SecOps into risky territory

Generative AI lures DevOps and SecOps into risky territory 15/09/2023 at 06:36 By Help Net Security Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are

React to this headline:

Loading spinner

Generative AI lures DevOps and SecOps into risky territory Read More »

CISA Releases Open Source Software Security Roadmap

CISA Releases Open Source Software Security Roadmap 13/09/2023 at 16:47 By Ionut Arghire CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek. This article is an excerpt from

React to this headline:

Loading spinner

CISA Releases Open Source Software Security Roadmap Read More »

Scroll to Top