New Open Source Tool Hunts for APT Activity in the Cloud 2024-03-11 at 12:47 By Ionut Arghire The CloudGrappler open source tool can detect the presence of known threat actors in cloud environments. The post New Open Source Tool Hunts for APT Activity in the Cloud appeared first on SecurityWeek. This article is an excerpt […]
New Open Source Tool Hunts for APT Activity in the Cloud Read More »
CloudGrappler: Open-source tool detects activity in cloud environments 2024-03-11 at 09:07 By Mirko Zorz CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security’s cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and
CloudGrappler: Open-source tool detects activity in cloud environments Read More »
CISA Outlines Efforts to Secure Open Source Software 2024-03-08 at 18:03 By Ionut Arghire Concluding a two-day OSS security summit, CISA details key actions to help improve open source security. The post CISA Outlines Efforts to Secure Open Source Software appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed View Original
CISA Outlines Efforts to Secure Open Source Software Read More »
OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) 2024-03-08 at 06:51 By Mirko Zorz MITRE now offers an open-source version of its Aviation Risk Identification and Assessment (ARIA) software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. ARIA suite The
OpenARIA: Open-source edition of the Aviation Risk Identification and Assessment (ARIA) Read More »
Tazama: Open-source real-time fraud management 2024-03-07 at 07:39 By Help Net Security Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide. Previously, the financial sector struggled with proprietary solutions that were both expensive and restrictive, impeding
Tazama: Open-source real-time fraud management Read More »
Cisco Releases Open Source Backplane Traffic Visibility Tool for OT 2024-03-06 at 17:36 By Eduard Kovacs Cisco has released an open source PoC tool named Badgerboard designed for improved backplane network visibility for OT. The post Cisco Releases Open Source Backplane Traffic Visibility Tool for OT appeared first on SecurityWeek. This article is an excerpt
Cisco Releases Open Source Backplane Traffic Visibility Tool for OT Read More »
RiskInDroid: Open-source risk analysis of Android apps 2024-03-06 at 07:30 By Mirko Zorz RiskInDroid (Risk Index for Android) is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. How RiskInDroid works “A user should be able to quickly assess an application’s level of risk by simply glancing at RiskInDroid’s
RiskInDroid: Open-source risk analysis of Android apps Read More »
GitHub push protection now on by default for public repositories 2024-03-04 at 16:15 By Zeljka Zorz GitHub push protection – a security feature aimed at preventing secrets such as API keys or tokens getting accidentally leaked online – is being switched on by default for all public repositories. “This means that when a supported secret
GitHub push protection now on by default for public repositories Read More »
Linux Foundation Tackles Financial Fraud With Open Source Platform 2024-03-04 at 15:47 By Ionut Arghire The open source platform Tazama provides cost-effective monitoring of digital financial transactions to prevent fraud in real time. The post Linux Foundation Tackles Financial Fraud With Open Source Platform appeared first on SecurityWeek. This article is an excerpt from SecurityWeek
Linux Foundation Tackles Financial Fraud With Open Source Platform Read More »
Securing software repositories leads to better OSS security 2024-03-04 at 14:03 By Zeljka Zorz Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s
Securing software repositories leads to better OSS security Read More »
PyRIT: Open-source framework to find risks in generative AI systems 2024-03-04 at 08:02 By Mirko Zorz Python Risk Identification Tool (PyRIT) is Microsoft’s open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. PyRIT has been battle-tested by Microsoft’s AI red team. It started as a collection
PyRIT: Open-source framework to find risks in generative AI systems Read More »
BobTheSmuggler: Open-source tool for undetectable payload delivery 2024-02-29 at 08:03 By Mirko Zorz BobTheSmuggler is an open-source tool designed to easily compress, encrypt, and securely transport your payload. It basically enables you to hide a payload in plain sight. BobTheSmuggler is helpful in phishing campaign assessments, data exfiltration exercises, and assumed breach scenarios. Features Hiding
BobTheSmuggler: Open-source tool for undetectable payload delivery Read More »
Inside the book: Androids – The Team That Built the Android Operating System 2024-02-29 at 07:03 By Help Net Security In 2004, Android was two people who wanted to build camera software but couldn’t get investors interested. Android is a large team at Google today, delivering an OS to over 3 billion devices worldwide. In
Inside the book: Androids – The Team That Built the Android Operating System Read More »
From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements 2024-02-26 at 18:04 By Marc Solomon Open source is a great way to test the waters and define requirements. But when looking at putting a platform into production, an enterprise-ready solution will ensure you can keep up with business demands. The post
From Open Source to Enterprise Ready: 4 Pillars to Meet Your Security Requirements Read More »
Web Check: Open-source intelligence for any website 2024-02-26 at 08:02 By Mirko Zorz Web Check offers thorough open-source intelligence and enables users to understand a website’s infrastructure and security posture, equipping them with the knowledge to understand, optimize, and secure their online presence. Unlike similar services, Web Check is free. There’s no signup, tracking, logging,
Web Check: Open-source intelligence for any website Read More »
TruffleHog: Open-source solution for scanning secrets 2024-02-21 at 07:31 By Mirko Zorz TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning Git revision history for secrets. My hunch was
TruffleHog: Open-source solution for scanning secrets Read More »
CVE Prioritizer: Open-source tool to prioritize vulnerability patching 2024-02-19 at 08:01 By Mirko Zorz CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects of vulnerabilities on your
CVE Prioritizer: Open-source tool to prioritize vulnerability patching Read More »
Fabric: Open-source framework for augmenting humans using AI 2024-02-14 at 07:31 By Mirko Zorz Fabric is an open-source framework, created to enable users to granularly apply AI to everyday challenges. Key features “I created it to enable humans to easily augment themselves with AI. I believe it’s currently too difficult for people to use AI.
Fabric: Open-source framework for augmenting humans using AI Read More »
SiCat: Open-source exploit finder 2024-02-12 at 06:31 By Mirko Zorz SiCat is an open-source tool for exploit research designed to source and compile information about exploits from open channels and internal databases. Its primary aim is to assist in cybersecurity, enabling users to search the internet for potential vulnerabilities and corresponding exploits. Akas Wisnu Aji,
SiCat: Open-source exploit finder Read More »
SOAPHound: Open-source tool to collect Active Directory data via ADWS 2024-02-08 at 07:02 By Mirko Zorz SOAPHound is an open-source data collection tool capable of enumerating Active Directory environments through the Active Directory Web Services (ADWS) protocol. How SOAPHound works SOAPHound is a substitute for various open-source security tools typically employed for extracting data from
SOAPHound: Open-source tool to collect Active Directory data via ADWS Read More »