open source

FreeBSD 14.0 released, OpenSSH and OpenSSL updated

Absolute Software, FreeBSD, FreeBSD Foundation, News, open source /

FreeBSD 14.0 released, OpenSSH and OpenSSL updated 21/11/2023 at 17:17 By Help Net Security FreeBSD 14.0 is now available for the amd64, aarch64, i386, powerpc, powerpc64, powerpc64le, powerpcspe, armv7, and riscv64 architectures. FreeBSD provides sophisticated features in networking, performance, security, and compatibility. It serves as an excellent choice for an Internet or Intranet server. It […]

FreeBSD 14.0 released, OpenSSH and OpenSSL updated Read More »

PolarDNS: Open-source DNS server tailored for security evaluations

cybersecurity, DNS, Don't miss, GitHub, News, open source, Oryxlabs, software /

PolarDNS: Open-source DNS server tailored for security evaluations 21/11/2023 at 08:36 By Mirko Zorz PolarDNS is a specialized authoritative DNS server that allows the operator to produce custom DNS responses suitable for DNS protocol testing purposes. What can you do with PolarDNS? PolarDNS can be used for testing of: DNS resolvers (server-side) DNS clients DNS

PolarDNS: Open-source DNS server tailored for security evaluations Read More »

Organizations’ serious commitment to software risk management pays off

Application Security, cybercrime, cybersecurity, News, open source, penetration testing, report, software, survey, Synopsys, Vulnerabilities /

Organizations’ serious commitment to software risk management pays off 21/11/2023 at 07:32 By Industry News There has been a significant decrease in vulnerabilities found in target applications – from 97% in 2020 to 83% in 2022 – an encouraging sign that code reviews, automated testing and continuous integration are helping to reduce common programming errors,

Organizations’ serious commitment to software risk management pays off Read More »

Wireshark 4.2.0 released, open-source packet analysis gets even better

News, open source, packet analysis, software, Wireshark /

Wireshark 4.2.0 released, open-source packet analysis gets even better 17/11/2023 at 11:49 By Help Net Security Wireshark, the popular network protocol analyzer, has reached version 4.2.0. Wireshark 4.2.0: Notable changes Wireshark supports dark mode on Windows. Packet list sorting has been improved. Wireshark and TShark are now better about generating valid UTF-8 output. A new

Wireshark 4.2.0 released, open-source packet analysis gets even better Read More »

HARmor: Open-source tool for sanitizing and securing HAR files

Don't miss, Frontegg, GitHub, News, open source, software /

HARmor: Open-source tool for sanitizing and securing HAR files 15/11/2023 at 10:04 By Mirko Zorz HARmor is an open-source tool that sanitizes HTTP Archive files. Easy to install and run, it enables the safe handling and sharing of HAR files. What are HAR files? HAR files are critical for support teams working to debug and

HARmor: Open-source tool for sanitizing and securing HAR files Read More »

Enhancing mainframe security with proven best practices

cybersecurity, Data Protection, DevOps, Don't miss, Hot stuff, hybrid cloud, mainframe security, network, open source, risk, Rocket Software, Video /

Enhancing mainframe security with proven best practices 15/11/2023 at 08:35 By Help Net Security Mainframe systems have served as the bedrock of enterprise networks for years, standing unmatched in terms of reliability, scalability, and data protection. However, security risks have become a pressing concern as the digital landscape evolves, emerging practices like DevOps, the rise

Enhancing mainframe security with proven best practices Read More »

Open-source vulnerability disclosure: Exploitable weak spots

Aqua Security, cybercriminals, Don't miss, Hot stuff, News, open source, research, vulnerability disclosure /

Open-source vulnerability disclosure: Exploitable weak spots 09/11/2023 at 15:17 By Zeljka Zorz Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. The risk arises from “half-day” and “0.75-day” vulnerabilities “Half-day” vulnerabilities are known

Open-source vulnerability disclosure: Exploitable weak spots Read More »

Biden AI executive order ‘certainly challenging’ for open-source AI — Industry insiders

open source, OpenAI, United States, US Government /

Biden AI executive order ‘certainly challenging’ for open-source AI — Industry insiders 07/11/2023 at 17:04 By Cointelegraph By Savannah Fortis The executive order on AI safety from the Biden administration has laid out its standards for the industry. However, its vagueness has raised concerns among the AI community over stifling innovation. This article is an

Biden AI executive order ‘certainly challenging’ for open-source AI — Industry insiders Read More »

Kubescape 3.0 elevates open-source Kubernetes security

ARMO, GitHub, Kubernetes, News, open source, software /

Kubescape 3.0 elevates open-source Kubernetes security 07/11/2023 at 08:32 By Help Net Security Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform has reached version 3.0. Vulnerability scan results Kubescape 3.0 features Kubescape 3.0 adds new features that make it easier for organizations to secure their Kubernetes clusters, including: Compliance

Kubescape 3.0 elevates open-source Kubernetes security Read More »

Mainframes are around to stay, it’s time to protect them

Compliance, cybersecurity, data, DevOps, mainframe security, News, open source, report, Rocket Software, survey, vulnerability management /

Mainframes are around to stay, it’s time to protect them 01/11/2023 at 07:31 By Help Net Security While many organizations run their core business applications on the mainframe, IT leaders lack confidence in the effectiveness of their mainframe security compliance, signaling a need for more robust security practices, according to Rocket Software. For decades, mainframe

Mainframes are around to stay, it’s time to protect them Read More »

The hidden costs of Java, and the impact of pricing changes

Azul, Cloud, cloud computing, CVE, cybersecurity, Java, Log4j, News, open source, Oracle, report, survey /

The hidden costs of Java, and the impact of pricing changes 01/11/2023 at 07:01 By Help Net Security An overwhelming 98% of all the businesses surveyed use Java in their software applications or infrastructure, and 57% of those organizations indicate that Java is the backbone of most of their applications, according to Azul. When including

The hidden costs of Java, and the impact of pricing changes Read More »

Logging Made Easy: Free log management solution from CISA

CISA, Don't miss, GitHub, Hot stuff, log management, logging, NCSC, News, open source, software, Windows /

Logging Made Easy: Free log management solution from CISA 30/10/2023 at 13:17 By Help Net Security CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s National Cyber Security Centre

Logging Made Easy: Free log management solution from CISA Read More »

Raven: Open-source CI/CD pipeline security scanner

cybersecurity, Cycode, Don't miss, GitHub, News, open source, scanning /

Raven: Open-source CI/CD pipeline security scanner 27/10/2023 at 08:32 By Help Net Security Raven (Risk Analysis and Vulnerability Enumeration for CI/CD) is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed

Raven: Open-source CI/CD pipeline security scanner Read More »

GOAD: Vulnerable Active Directory environment for practicing attack techniques

Active Directory, cybersecurity, GitHub, Hot stuff, News, open source, penetration testing /

GOAD: Vulnerable Active Directory environment for practicing attack techniques 26/10/2023 at 07:01 By Mirko Zorz Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, it highlighted our

GOAD: Vulnerable Active Directory environment for practicing attack techniques Read More »

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

Featured, ICS, ICS/OT, open source, PLC /

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding 25/10/2023 at 18:17 By Eduard Kovacs A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor. The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding

New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding Read More »

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)

0-day, APT, Don't miss, Europe, government-backed attacks, Hot stuff, News, open source, Roundcube /

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) 25/10/2023 at 14:46 By Zeljka Zorz The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation of the XSS vulnerability can

Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631) Read More »

Wazuh: Free and open-source XDR and SIEM

Elastic, GitHub, News, open source, SIEM, software, XDR /

Wazuh: Free and open-source XDR and SIEM 24/10/2023 at 07:00 By Help Net Security Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored systems and a management server that processes and

Wazuh: Free and open-source XDR and SIEM Read More »

DIY attack surface management: Simple, cost-effective and actionable perimeter insights

Cloud, cybersecurity, DNS, Don't miss, Expert analysis, Expert corner, exploit, GitHub, Hot stuff, misconfiguration, News, open source, opinion, SaaS, vulnerability, web application, WithSecure /

DIY attack surface management: Simple, cost-effective and actionable perimeter insights 16/10/2023 at 11:46 By Help Net Security Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and forgotten about, only

DIY attack surface management: Simple, cost-effective and actionable perimeter insights Read More »

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

open source, Vulnerabilities /

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure 13/10/2023 at 13:32 By Eduard Kovacs Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers. The post Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure appeared first on SecurityWeek. This article is an

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure Read More »

Yeti: Open, distributed, threat intelligence repository

Don't miss, GitHub, Hot stuff, News, open source, Threat Intelligence /

Yeti: Open, distributed, threat intelligence repository 12/10/2023 at 07:01 By Help Net Security Yeti serves as a unified platform to consolidate observables, indicators of compromise, TTPs, and threat-related knowledge. It enhances observables automatically, such as domain resolution and IP geolocation, saving you the effort. With its user-friendly interface built on Bootstrap and a machine-friendly web

Yeti: Open, distributed, threat intelligence repository Read More »

Scroll to Top