open source

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a […]

GNOME users at risk of RCE attack (CVE-2023-43641)

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on your Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

Be prepared to patch high-severity vulnerability in curl and libcurl

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol 05/10/2023 at 15:31 By Eduard Kovacs The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.  The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

The root cause of open-source risk

The root cause of open-source risk 05/10/2023 at 06:02 By Help Net Security 2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

GenAI in software surges despite risks

GenAI in software surges despite risks 03/10/2023 at 07:05 By Help Net Security In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders,

Silverfort Open Sources Lateral Movement Detection Tool

Silverfort Open Sources Lateral Movement Detection Tool 02/10/2023 at 12:16 By Ionut Arghire Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions. The post Silverfort Open Sources Lateral Movement Detection Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

Securing GitHub Actions for a safer DevOps pipeline

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

5 free vulnerability scanners you should check out

5 free vulnerability scanners you should check out 26/09/2023 at 08:02 By Help Net Security Vulnerability scanners delve into systems to uncover security gaps. The primary mission? To fortify organizations against breaches and shield sensitive data from exposure. Beyond merely pinpointing weaknesses, vulnerability scanning is a proactive measure to anticipate potential attacker entry points. The

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009)

GitLab fixes critical vulnerability, patch now! (CVE-2023-5009) 22/09/2023 at 13:31 By Helga Labus GitLab has fixed a critical vulnerability (CVE-2023-5009) in the Enterprise Edition (EE) and Community Edition (CE) of its widely used DevOps platform. The flaw may allow a threat actor to abuse scan execution policies to run pipelines as another user. About the

You can build your own Trezor, but here’s the price — DIY wallet engineer

You can build your own Trezor, but here’s the price — DIY wallet engineer 21/09/2023 at 14:02 By Cointelegraph By Helen Partz An electronics design manager who made his own Trezor One has assessed the difficulty of building a DIY crypto wallet from scratch. This article is an excerpt from Cointelegraph.com News View Original Source

LLM Guard: Open-source toolkit for securing Large Language Models

LLM Guard: Open-source toolkit for securing Large Language Models 19/09/2023 at 07:34 By Mirko Zorz LLM Guard is a toolkit designed to fortify the security of Large Language Models (LLMs). It is designed for easy integration and deployment in production environments. It provides extensive evaluators for both inputs and outputs of LLMs, offering sanitization, detection

PostgreSQL 16: Where enhanced security meets high performance

PostgreSQL 16: Where enhanced security meets high performance 18/09/2023 at 06:03 By Help Net Security PostgreSQL is an open-source object-relational database platform with a track record of over 25 years of ongoing development. Its reputation is solid for its reliability, extensive features, and high performance. PostgreSQL 16 enhances its performance through significant upgrades in query

Generative AI lures DevOps and SecOps into risky territory

Generative AI lures DevOps and SecOps into risky territory 15/09/2023 at 06:36 By Help Net Security Application security leaders are more optimistic than developer leaders on generative AI, though both agree it will lead to more pervasive security vulnerabilities in software development, according to Sonatype. According to the surveyed DevOps and SecOps leaders, 97% are

CISA Releases Open Source Software Security Roadmap

CISA Releases Open Source Software Security Roadmap 13/09/2023 at 16:47 By Ionut Arghire CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government. The post CISA Releases Open Source Software Security Roadmap appeared first on SecurityWeek. This article is an excerpt from

LibreOffice: Stability, security, and continued development

LibreOffice: Stability, security, and continued development 07/09/2023 at 08:31 By Zeljka Zorz LibreOffice, the most widely used open-source office productivity suite, has plenty to recommend it: it’s feature-rich, user-friendly, well-documented, reliable, has an active community of developers working on improving it, and it’s free. The suite includes Writer (word processor), Calc (a spreadsheet app), Impress

MITRE Caldera for OT now available as extension to open-source platform

MITRE Caldera for OT now available as extension to open-source platform 06/09/2023 at 09:32 By Help Net Security MITRE Caldera for OT is now publicly available as an extension to the open-source Caldera platform, allowing security teams to run automated adversary emulation exercises that are specifically focused on threats to operational technology (OT). The first

Micro $3 Bitcoin miners won’t make bank, but that’s not the point: Inventors

Micro $3 Bitcoin miners won’t make bank, but that’s not the point: Inventors 05/09/2023 at 06:02 By Cointelegraph By Brayden Lindrea Pocket-sized Bitcoin miners are a stand against the “secrecy and exclusivity” of the Bitcoin mining industry, according to their inventors. This article is an excerpt from Cointelegraph.com News View Original Source React to this

Reaper: Open-source reconnaissance and attack proxy workflow automation

Reaper: Open-source reconnaissance and attack proxy workflow automation 05/09/2023 at 06:01 By Mirko Zorz Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it’s already capable of

Polygon makes new sidechain developer stack opensource, supporting ZK-powered Layer 2s on Ethereum

Polygon makes new sidechain developer stack opensource, supporting ZK-powered Layer 2s on Ethereum 01/09/2023 at 17:02 By Cointelegraph By Gareth Jenkinson Polygon’s Chain Development Kit allows developers to freely build, customize and deploy layer 2 chains connected to the wider Ethereum ecosystem. This article is an excerpt from Cointelegraph.com News View Original Source React to
