open source

UAC: Live response collection script for incident response

27/07/2023 at 05:33 By Help Net Security

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It […]

LLMs and AI positioned to dominate the AppSec world

20/07/2023 at 07:33 By Help Net Security

As modern software trends toward distributed architectures, microservices, and extensive use of third-party and open source components, dependency management only gets harder, according to Endor Labs. Application development risks A new research report explores emerging trends that software organizations

12 open-source penetration testing tools you might not know about

18/07/2023 at 07:34 By Mirko Zorz

Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give

Critical XSS vulnerability in Zimbra exploited in the wild (CVE-2023-34192)

17/07/2023 at 14:47 By Helga Labus

A critical cross site scripting (XSS) vulnerability (CVE-2023-34192) in popular open source email collaboration suite Zimbra is being exploited by attackers. About the vulnerability (CVE-2023-34192) CVE-2023-34192 could allow a remote authenticated threat actor to execute arbitrary code through a

Owncast, EaseProbe security vulnerabilities revealed

11/07/2023 at 11:17 By Help Net Security

Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,

Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech

05/07/2023 at 19:47 By Ryan Naraine

Infisical banks $2.8 million in seed funding as investors continue to bet on companies in the software supply chain security space. The post Infisical Snags $2.8M Seed Funding for Secrets Sprawl Security Tech appeared first on SecurityWeek. This article

Cloud-native security hinges on open source

22/06/2023 at 07:33 By Help Net Security

Technologies like Kubernetes and K3S are synonymous with the success of cloud native computing and the power of open source. It is no accident they have steamrolled the competition. As enterprises look to secure cloud-native environments, open source is the critical piece

10 open-source recon tools worth your time

20/06/2023 at 07:02 By Help Net Security

Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is

Fiddler Auditor: Open-source tool evaluates the robustness of large language models

15/06/2023 at 07:17 By Help Net Security

Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information

20 cybersecurity projects on GitHub you should check out

08/06/2023 at 07:47 By Helga Labus

Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects

SBOMs – Software Supply Chain Security’s Future or Fantasy?

05/06/2023 at 14:39 By Kevin Townsend

If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek. This

Kali Linux 2023.2 released: New tools, a pre-built Hyper-V image, a new audio stack, and more!

31/05/2023 at 10:29 By Zeljka Zorz

Offensive Security has released Kali Linux 2023.2, the latest version of its popular penetration testing and digital forensics platform. New tools in Kali Linux 2023.2 Aside from updates for existing tools, a new

CISO-approved strategies for software supply chain security

29/05/2023 at 08:48 By Help Net Security

Integrating proprietary and open-source code, APIs, user interfaces, application behavior, and deployment workflows creates an intricate composition in modern applications. Any vulnerabilities within this software supply chain can jeopardize your and your customers’ safety. In this Help Net Security video, Tim

Red Hat Pushes New Tools to Secure Software Supply Chain

23/05/2023 at 17:49 By Ryan Naraine

Red Hat rolls out a new suite of tools and services to help mitigate vulnerabilities across every stage of the modern software supply chain. The post Red Hat Pushes New Tools to Secure Software Supply Chain appeared first on

Enhancing open source security: Insights from the OpenSSF on addressing key challenges

18/05/2023 at 08:00 By Mirko Zorz

In this Help Net Security interview, we meet a prominent industry leader. Brian Behlendorf, CTO at the Open Source Security Foundation (OpenSSF), shares insights on the influence of his experiences with the White House CTO office, World

KeePass flaw allows retrieval of master password, PoC is public (CVE-2023-32784)

17/05/2023 at 16:44 By Zeljka Zorz

A vulnerability (CVE-2023-32784) in the open-source password manager KeePass can be exploited to retrieve the master password from the software’s memory, says the researcher who unearthed the flaw. The bad news is that the vulnerability is still unfixed

Malicious open-source components threatening digital infrastructure

17/05/2023 at 09:42 By Help Net Security

A new risk emerges in the digital era, where open-source software has become a fundamental pillar in developing innovative applications. The threat? Malicious open-source components. In this Help Net Security video, Henrik Plate, Lead Security Researcher at Endor Labs, discusses the dual-edged

OpenSSF Receives $5 Million for Open Source Software Security Project

11/05/2023 at 17:42 By Ionut Arghire

OpenSSF has added four new members and is receiving $5 million in funding for its Alpha-Omega open source software security project. The post OpenSSF Receives $5 Million for Open Source Software Security Project appeared first on SecurityWeek. This article

Never leak secrets to your GitHub repositories again

10/05/2023 at 14:47 By Helga Labus

GitHub is making push protection – a security feature designed to automatically prevent the leaking of secrets to repositories – free for owners of all public repositories. Previously, the feature was available only for private repositories with a GitHub Advanced Security
