open source

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856)

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) 2024-08-05 at 16:47 By Zeljka Zorz CVE-2024-38856, an incorrect authorization vulnerability affecting all but the latest version of Apache OFBiz, may be exploited by remote, unauthenticated attackers to execute arbitrary code on vulnerable systems. About CVE-2024-38856 Apache OFBiz is an open-source framework for enterprise resource […]

Critical Apache OFBiz pre-auth RCE flaw fixed, update ASAP! (CVE-2024-38856) Read More »

MISP: Open-source threat intelligence and sharing platform

MISP: Open-source threat intelligence and sharing platform 2024-08-05 at 07:01 By Help Net Security MISP is an open-source threat intelligence and sharing platform for collecting, storing, distributing, and sharing cybersecurity indicators and threats related to incident and malware analysis. MISP is designed by and for cybersecurity, ICT professionals, and malware reversers to support their daily

MISP: Open-source threat intelligence and sharing platform Read More »

Open-source project enables Raspberry Pi Bluetooth Wi-Fi network configuration

Open-source project enables Raspberry Pi Bluetooth Wi-Fi network configuration 2024-08-02 at 06:31 By Help Net Security Remote.It released its open-source project to enable Raspberry Pi Bluetooth (BLE) Wi-Fi network configuration. The project allows a computer or mobile device to easily transfer a Wi-Fi configuration via Bluetooth, the same way users set up smart devices around

Open-source project enables Raspberry Pi Bluetooth Wi-Fi network configuration Read More »

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave 2024-07-31 at 07:02 By Help Net Security Secretive is an open-source, user-friendly app designed to store and manage SSH keys within the Secure Enclave. Typically, SSH keys are stored on disk with appropriate permissions, which is usually sufficient. However, it’s not overly

Secretive: Open-source app for storing and managing SSH keys in the Secure Enclave Read More »

Cirrus: Open-source Google Cloud forensic collection

Cirrus: Open-source Google Cloud forensic collection 2024-07-29 at 07:16 By Mirko Zorz Cirrus is an open-source Python-based tool designed to streamline Google Cloud forensic evidence collection. It can streamline environment access and evidence collection in investigations involving Google Workspace and GCP. The tool simplifies incident response activities and enhances an organization’s security posture. Key features

Cirrus: Open-source Google Cloud forensic collection Read More »

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads 2024-07-25 at 19:49 By Ryan Naraine Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion. The post Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads appeared first on SecurityWeek. This article is

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads Read More »

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements 2024-07-25 at 10:01 By Help Net Security BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements Read More »

Infisical: Open-source secret management platform

Infisical: Open-source secret management platform 2024-07-24 at 07:01 By Help Net Security Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files, directories, and Git

Infisical: Open-source secret management platform Read More »

Shuffle Automation: Open-source security automation platform

Shuffle Automation: Open-source security automation platform 2024-07-22 at 07:01 By Mirko Zorz Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers. Key features Feature-rich workflow editor. App creator

Shuffle Automation: Open-source security automation platform Read More »

Grype: Open-source vulnerability scanner for container images, filesystems

Grype: Open-source vulnerability scanner for container images, filesystems 2024-07-18 at 06:31 By Help Net Security Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless

Grype: Open-source vulnerability scanner for container images, filesystems Read More »

Signatures should become cloud security history

Signatures should become cloud security history 2024-07-18 at 06:01 By Help Net Security It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source

Signatures should become cloud security history Read More »

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover 2024-07-17 at 07:01 By Mirko Zorz SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover Read More »

Realm: Open-source adversary emulation framework

Realm: Open-source adversary emulation framework 2024-07-15 at 07:32 By Mirko Zorz Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code,

Realm: Open-source adversary emulation framework Read More »

BunkerWeb: Open-source Web Application Firewall (WAF)

BunkerWeb: Open-source Web Application Firewall (WAF) 2024-07-10 at 07:01 By Mirko Zorz BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable by a third party and the community. “The genesis of BunkerWeb comes from the following problem: every time someone from my team

BunkerWeb: Open-source Web Application Firewall (WAF) Read More »

Monocle: Open-source LLM for binary analysis search

Monocle: Open-source LLM for binary analysis search 2024-07-08 at 06:31 By Help Net Security Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile

Monocle: Open-source LLM for binary analysis search Read More »

Secator: Open-source pentesting Swiss army knife

Secator: Open-source pentesting Swiss army knife 2024-07-03 at 07:01 By Help Net Security Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers. Secator features Curated list of commands Unified input options Unified

Secator: Open-source pentesting Swiss army knife Read More »

Portainer: Open-source Docker and Kubernetes management

Portainer: Open-source Docker and Kubernetes management 2024-07-01 at 07:32 By Mirko Zorz Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Docker, Swarm, Kubernetes, and ACI environments. It provides a smart GUI and a comprehensive API to manage your orchestrator resources, including containers, images, volumes, networks,

Portainer: Open-source Docker and Kubernetes management Read More »

US, Allies Warn of Memory Unsafety Risks in Open Source Software

US, Allies Warn of Memory Unsafety Risks in Open Source Software 2024-06-27 at 17:01 By Ionut Arghire Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn. The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek. This

US, Allies Warn of Memory Unsafety Risks in Open Source Software Read More »

Gitleaks: Open-source solution for detecting secrets in your code

Gitleaks: Open-source solution for detecting secrets in your code 2024-06-27 at 07:37 By Mirko Zorz Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly

Gitleaks: Open-source solution for detecting secrets in your code Read More »

Developer errors lead to long-term exposure of sensitive data in Git repos

Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,

Developer errors lead to long-term exposure of sensitive data in Git repos Read More »

Scroll to Top