open source

Mainframes are around to stay, it’s time to protect them

Compliance, cybersecurity, data, DevOps, mainframe security, News, open source, report, Rocket Software, survey, vulnerability management /

Mainframes are around to stay, it’s time to protect them 01/11/2023 at 07:31 By Help Net Security While many organizations run their core business applications on the mainframe, IT leaders lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices, according to Rocket Software. For decades, mainframe […]

React to this headline:

Loading spinner

Mainframes are around to stay, it’s time to protect them Read More »

The hidden costs of Java, and the impact of pricing changes

Azul, Cloud, cloud computing, CVE, cybersecurity, Java, Log4j, News, open source, Oracle, report, survey /

The hidden costs of Java, and the impact of pricing changes 01/11/2023 at 07:01 By Help Net Security An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including

React to this headline:

Loading spinner

The hidden costs of Java, and the impact of pricing changes Read More »

Logging Made Easy: Free log management solution from CISA

CISA, Don't miss, GitHub, Hot stuff, log management, logging, NCSC, News, open source, software, Windows /

Logging Made Easy: Free log management solution from CISA 30/10/2023 at 13:17 By Help Net Security CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre

React to this headline:

Loading spinner

Logging Made Easy: Free log management solution from CISA Read More »

Raven: Open-source CI/CD pipeline security scanner

cybersecurity, Cycode, Don't miss, GitHub, News, open source, scanning /

Raven: Open-source CI/CD pipeline security scanner 27/10/2023 at 08:32 By Help Net Security Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed

React to this headline:

Loading spinner

Raven: Open-source CI/CD pipeline security scanner Read More »

GOAD: Vulnerable Active Directory environment for practicing attack techniques

Active Directory, cybersecurity, GitHub, Hot stuff, News, open source, penetration testing /

GOAD: Vulnerable Active Directory environment for practicing attack techniques 26/10/2023 at 07:01 By Mirko Zorz Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our

React to this headline:

Loading spinner

GOAD: Vulnerable Active Directory environment for practicing attack techniques Read More »

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

Featured, ICS, ICS/OT, open source, PLC /

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding 25/10/2023 at 18:17 By Eduard Kovacs A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor. The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

React to this headline:

Loading spinner

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding Read More »

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

0-day, APT, Don't miss, Europe, government-backed attacks, Hot stuff, News, open source, Roundcube /

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

React to this headline:

Loading spinner

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »

Wazuh: Free and open-source XDR and SIEM

Elastic, GitHub, News, open source, SIEM, software, XDR /

Wazuh: Free and open-source XDR and SIEM 24/10/2023 at 07:00 By Help Net Security Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and

React to this headline:

Loading spinner

Wazuh: Free and open-source XDR and SIEM Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

React to this headline:

Loading spinner

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

open source, Vulnerabilities /

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure 13/10/2023 at 13:32 By Eduard Kovacs Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek. This article is an

React to this headline:

Loading spinner

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Read More »

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

React to this headline:

Loading spinner

Yeti: Open, distributed, threat intelligence repository Read More »

US Government Releases Security Guidance for Open Source Software in OT, ICS

Government, guidance, ICS, ICS/OT, open source, OT, Supply Chain Security /

US Government Releases Security Guidance for Open Source Software in OT, ICS 11/10/2023 at 17:02 By Ionut Arghire CISA, FBI, NSA, and US Treasury published new guidance on improving the security of open source software in OT and ICS. The post US Government Releases Security Guidance for Open Source Software in OT, ICS appeared first

React to this headline:

Loading spinner

US Government Releases Security Guidance for Open Source Software in OT, ICS Read More »

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545)

containers, Debian, Don't miss, Hot stuff, IoT, Linux, News, open source, patching, Red Hat, security update, Ubuntu, vulnerability /

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) 11/10/2023 at 13:31 By Zeljka Zorz Curl v8.4.0 is out, and fixes – among other things – a high-severity SOCKS5 heap buffer overflow vulnerability (CVE-2023-38545). Appropriate patches for some older curl versions have been released, too. Preparation for the security updates A little over a

React to this headline:

Loading spinner

Curl project squashes high-severity bug in omnipresent libcurl library (CVE-2023-38545) Read More »

GNOME users at risk of RCE attack (CVE-2023-43641)

Debian, Don't miss, Fedora, GitHub, Hot stuff, Linux, News, open source, Red Hat, SUSE, Ubuntu, vulnerability, vulnerability disclosure /

GNOME users at risk of RCE attack (CVE-2023-43641) 10/10/2023 at 14:32 By Zeljka Zorz If you’re running GNOME on you Linux system(s), you are probably open to remote code execution attacks via a booby-trapped file, thanks to a memory corruption vulnerability (CVE-2023-43641) in the libcue library. About CVE-2023-43641 Discovered by GitHub security researcher Kevin Backhouse,

React to this headline:

Loading spinner

GNOME users at risk of RCE attack (CVE-2023-43641) Read More »

Be prepared to patch high-severity vulnerability in curl and libcurl

Docker, Don't miss, Endor Labs, Hot stuff, News, open source, patching, Qualys, security update, Sonatype, Synopsys, vulnerability, vulnerability disclosure /

Be prepared to patch high-severity vulnerability in curl and libcurl 10/10/2023 at 12:20 By Zeljka Zorz Details about two vulnerabilities (CVE-2023-38545, CVE-2023-38546) in curl, a foundational and widely used open-source software for data transfer via URLs, are to be released on Wednesday, October 11. Daniel Stenberg, the original author and lead developer, has said that

React to this headline:

Loading spinner

Be prepared to patch high-severity vulnerability in curl and libcurl Read More »

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol

Identity & Access, open source, supply chain, Supply Chain Security /

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol 05/10/2023 at 15:31 By Eduard Kovacs The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.  The post Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed

React to this headline:

Loading spinner

Linux Foundation Announces OpenPubkey Open Source Cryptographic Protocol Read More »

The root cause of open-source risk

CISO, cybersecurity, News, open source, report, software development, Sonatype, strategy, survey /

The root cause of open-source risk 05/10/2023 at 06:02 By Help Net Security 2023 saw twice as many software supply chain attacks as 2019-2022 combined. Sonatype logged 245,032 malicious packages in 2023. One in eight open-source downloads today poses known and avoidable risks. Vulnerabilities can still be prevented Nearly all (96%) vulnerabilities are still avoidable.

React to this headline:

Loading spinner

The root cause of open-source risk Read More »

GenAI in software surges despite risks

Artificial Intelligence, code, cybersecurity, DevOps, Don't miss, generative AI, Hot stuff, open source, software, Sonatype, Video, vulnerability /

GenAI in software surges despite risks 03/10/2023 at 07:05 By Help Net Security In this Help Net Security video, Ilkka Turunen, Field CTO at Sonatype, discusses how generative AI influences and impacts software engineers’ work and the software development lifecycle. According to a recent Sonatype survey of 800 developers (DevOps) and application security (SecOps) leaders,

React to this headline:

Loading spinner

GenAI in software surges despite risks Read More »

Silverfort Open Sources Lateral Movement Detection Tool

lateral movement, Network Security, open source /

Silverfort Open Sources Lateral Movement Detection Tool 02/10/2023 at 12:16 By Ionut Arghire Silverfort has released the source code for its lateral movement detection tool LATMA, to help identify and analyze intrusions. The post Silverfort Open Sources Lateral Movement Detection Tool appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View

React to this headline:

Loading spinner

Silverfort Open Sources Lateral Movement Detection Tool Read More »

Securing GitHub Actions for a safer DevOps pipeline

CISA, Cloud, cloud security, credentials, cybersecurity, DevOps, Don't miss, Features, GitHub, Hot stuff, Kubernetes, monitoring, News, NSA, open source, opinion, StepSecurity /

Securing GitHub Actions for a safer DevOps pipeline 02/10/2023 at 07:32 By Mirko Zorz GitHub Actions provides a platform for continuous integration and continuous delivery (CI/CD), enabling your build, test, and deployment process automation. It allows you to establish workflows that build and test each pull request in your repository and deploy approved pull requests

React to this headline:

Loading spinner

Securing GitHub Actions for a safer DevOps pipeline Read More »

Scroll to Top