open source

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323)

AWS, Cisco, cloud computing, Don't miss, Google Cloud, Hot stuff, Intel, logging, News, open source, Sumo Logic, Tenable, Trend Micro, VMWare, vulnerability /

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) 2024-05-21 at 14:31 By Zeljka Zorz Tenable researchers have discovered a critical vulnerability (CVE-2024-4323) in Fluent Bit, a logging utility used by major cloud providers and tech companies, which may be leveraged for denial of service, information disclosure, or remote code execution. About […]

React to this headline:

Loading spinner

Critical Fluent Bit flaw affects major cloud platforms, tech companies’ offerings (CVE-2024-4323) Read More »

Grafana: Open-source data visualization platform

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software /

Grafana: Open-source data visualization platform 2024-05-20 at 07:31 By Mirko Zorz Grafana is an open-source solution for querying, visualizing, alerting, and exploring metrics, logs, and traces regardless of where they are stored. Grafana provides tools to transform your time-series database (TSDB) data into meaningful graphs and visualizations. Additionally, its plugin framework lets you integrate various

React to this headline:

Loading spinner

Grafana: Open-source data visualization platform Read More »

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002)

DevOps, Don't miss, Git, GitHub, Hot stuff, News, open source, security update, vulnerability /

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) 2024-05-16 at 14:16 By Zeljka Zorz New versions of Git are out, with fixes for five vulnerabilities, the most critical (CVE-2024-32002) of which can be used by attackers to remotely execute code during a “clone” operation. About Git Git is a widely-popular distributed version

React to this headline:

Loading spinner

Critical Git vulnerability allows RCE when cloning repositories with submodules (CVE-2024-32002) Read More »

Is an open-source AI vulnerability next?

Artificial Intelligence, cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, Kusari, News, open source, opinion, software, supply chain /

Is an open-source AI vulnerability next? 2024-05-16 at 08:31 By Help Net Security AI has captured widespread interest and offers numerous benefits. However, its rapid advancement and widespread adoption raise concerns, especially for those of us in cybersecurity. With so much interest, there are lots of insecure applications finding their way onto our devices and

React to this headline:

Loading spinner

Is an open-source AI vulnerability next? Read More »

OWASP dep-scan: Open-source security and risk audit tool

AppThreat, Don't miss, GitHub, Hot stuff, News, open source, OWASP, risk assessment, software /

OWASP dep-scan: Open-source security and risk audit tool 2024-05-16 at 08:01 By Mirko Zorz OWASP dep-scan is an open-source security and risk assessment tool that leverages information on vulnerabilities, advisories, and licensing restrictions for project dependencies. It supports local repositories and container images as input sources, making it suitable for integration with ASPM/VM platforms and

React to this headline:

Loading spinner

OWASP dep-scan: Open-source security and risk audit tool Read More »

BLint: Open-source tool to check the security properties of your executables

Android, AppThreat, Don't miss, GitHub, Linux, mobile apps, News, open source, programming, software, Windows /

BLint: Open-source tool to check the security properties of your executables 2024-05-14 at 07:31 By Mirko Zorz BLint is a Binary Linter designed to evaluate your executables’ security properties and capabilities, utilizing LIEF for its operations. From version 2, BLint can also produce Software Bill-of-Materials (SBOM) for compatible binaries. BLint features “Several source code analysis

React to this headline:

Loading spinner

BLint: Open-source tool to check the security properties of your executables Read More »

Establishing a security baseline for open source projects

automation, cybersecurity, Don't miss, education, Features, Hot stuff, News, open source, OpenSSF, opinion, patching, penetration testing, policy, software development, standards /

Establishing a security baseline for open source projects 2024-05-13 at 08:01 By Mirko Zorz In this Help Net Security interview, Dana Wang, Chief Architect at OpenSSF, discusses the most significant barriers to improving open-source software security (OSS security) and opportunities for overcoming these challenges. The OpenSSF community has developed open-source security tools and projects, aiming

React to this headline:

Loading spinner

Establishing a security baseline for open source projects Read More »

How AI affects vulnerability management in open-source software

Artificial Intelligence, cybersecurity, Don't miss, Hot stuff, open source, patching, Seal Security, software, software development, Video /

How AI affects vulnerability management in open-source software 2024-05-13 at 07:01 By Help Net Security In this Help Net Security video, Itamar Sher, CEO of Seal Security, discusses how AI affects the risk and operational aspects of managing vulnerabilities in open-source software. One of the core issues around open-source vulnerability patch management has been the

React to this headline:

Loading spinner

How AI affects vulnerability management in open-source software Read More »

Nmap 7.95 released: New OS and service detection signatures

Linux, News, open source, penetration testing, scanning, software /

Nmap 7.95 released: New OS and service detection signatures 2024-05-10 at 07:31 By Help Net Security Nmap is a free, open-source tool for network discovery and security auditing. It’s valued by systems and network administrators for network inventory, managing service upgrade schedules, and monitoring host or service uptime. Nmap identifies available hosts on a network,

React to this headline:

Loading spinner

Nmap 7.95 released: New OS and service detection signatures Read More »

Regulators are coming for IoT device security

cybersecurity, Don't miss, Expert analysis, Expert corner, Hot stuff, IoT, Memfault, monitoring, News, open source, opinion, regulation, software, update, vulnerability management /

Regulators are coming for IoT device security 2024-05-09 at 08:01 By Help Net Security Cybersecurity is a relatively new challenge for many IoT device makers who have traditionally produced non-connected devices. These devices were less vulnerable to exploitation and, as a result, manufacturers often lack the expertise and experience needed to effectively secure their connected

React to this headline:

Loading spinner

Regulators are coming for IoT device security Read More »

Pktstat: Open-source ethernet interface traffic monitor

GitHub, Linux, networking, News, open source, software /

Pktstat: Open-source ethernet interface traffic monitor 2024-05-08 at 07:01 By Mirko Zorz Pktstat is an open-source tool that is a straightforward alternative to ncurses-based Pktstat. On Linux, it utilizes AF_PACKET, while on other platforms, it employs generic PCAP live wire capture. Pktstat is a versatile tool that doesn’t rely on advanced or recent Linux kernel

React to this headline:

Loading spinner

Pktstat: Open-source ethernet interface traffic monitor Read More »

reNgine: Open-source automated reconnaissance framework for web applications

automation, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, reconnaissance, software /

reNgine: Open-source automated reconnaissance framework for web applications 2024-05-02 at 07:31 By Mirko Zorz reNgine is an open-source automated reconnaissance framework for web applications that focuses on a highly configurable and streamlined recon process. Developing reNgine reNgine was developed to overcome the constraints of conventional reconnaissance tools. It is a good choice for bug bounty

React to this headline:

Loading spinner

reNgine: Open-source automated reconnaissance framework for web applications Read More »

Tracecat: Open-source SOAR

automation, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, SOAR, software /

Tracecat: Open-source SOAR 2024-04-30 at 07:31 By Mirko Zorz Tracecat is an open-source automation platform for security teams. The developers believe security automation should be accessible to everyone, especially understaffed small- to mid-sized teams. Core features, user interfaces, and day-to-day workflows are based on existing best practices from best-in-class security teams. Use specialized AI models

React to this headline:

Loading spinner

Tracecat: Open-source SOAR Read More »

Prompt Fuzzer: Open-source tool for strengthening GenAI apps

Artificial Intelligence, Don't miss, generative AI, GitHub, Hot stuff, News, open source, software /

Prompt Fuzzer: Open-source tool for strengthening GenAI apps 2024-04-29 at 08:01 By Mirko Zorz Prompt Fuzzer is an open-source tool that evaluates the security of your GenAI application’s system prompt against dynamic LLM-based threats. Prompt Fuzzer features Simulation of over a dozen types of GenAI attacks The tool contextualizes itself automatically based on the system

React to this headline:

Loading spinner

Prompt Fuzzer: Open-source tool for strengthening GenAI apps Read More »

LSA Whisperer: Open-source tools for interacting with authentication packages

cybersecurity, GitHub, Microsoft, News, open source, red team, software /

LSA Whisperer: Open-source tools for interacting with authentication packages 2024-04-26 at 07:32 By Mirko Zorz LSA Whisperer consists of open-source tools designed to interact with authentication packages through their unique messaging protocols. Support is currently provided for the cloudap, kerberos, msv1_0, negotiate, pku2u, schannel packages and cloudap’s AzureAD plugin. Partial or unstable support is provided

React to this headline:

Loading spinner

LSA Whisperer: Open-source tools for interacting with authentication packages Read More »

Why financial infrastructure needs to be open-source — Hyperledger

Ethereum price, Government, Hyperledger, Linux, open source /

Why financial infrastructure needs to be open-source — Hyperledger 2024-04-19 at 13:02 By Cointelegraph by Gareth Jenkinson Governments and major financial institutions are actively building open-source blockchain solutions on the Linux Foundation’s Hyperledger tools. This article is an excerpt from Cointelegraph.com News View Original Source React to this headline:

React to this headline:

Loading spinner

Why financial infrastructure needs to be open-source — Hyperledger Read More »

Protobom: Open-source software supply chain tool

CISA, DHS, Don't miss, GitHub, News, open source, OpenSSF, software /

Protobom: Open-source software supply chain tool 2024-04-19 at 07:31 By Mirko Zorz Protobom is an open-source software supply chain tool that enables all organizations, including system administrators and software development communities, to read and generate Software Bill of Materials (SBOMs), file data, and translate this data across standard industry SBOM formats. “he Protobom project was

React to this headline:

Loading spinner

Protobom: Open-source software supply chain tool Read More »

Damn Vulnerable RESTaurant: Open-source API service designed for learning

API security, cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, skill development /

Damn Vulnerable RESTaurant: Open-source API service designed for learning 2024-04-17 at 07:01 By Mirko Zorz Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers, and security engineers where

React to this headline:

Loading spinner

Damn Vulnerable RESTaurant: Open-source API service designed for learning Read More »

New open-source project takeover attacks spotted, stymied

backdoor, CISA, Don't miss, Endor Labs, Hot stuff, News, O'Reilly, open source, OpenJS Foundation, OpenSSF, social engineering, supply chain attacks, tips /

New open-source project takeover attacks spotted, stymied 2024-04-16 at 16:16 By Zeljka Zorz The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious maintainer achieved that coveted position after

React to this headline:

Loading spinner

New open-source project takeover attacks spotted, stymied Read More »

Zarf: Open-source continuous software delivery on disconnected networks

DevSecOps, Don't miss, GitHub, News, open source, software /

Zarf: Open-source continuous software delivery on disconnected networks 2024-04-15 at 06:32 By Help Net Security Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The

React to this headline:

Loading spinner

Zarf: Open-source continuous software delivery on disconnected networks Read More »

Scroll to Top