open source - Security Ticks

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads

Chainguard, container, Funding/M&A, open source, Sequioa, Series C, Supply Chain Security / SecurityTicks

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads 2024-07-25 at 19:49 By Ryan Naraine Software supply chain security startup Chainguard raises a $140 million Series C round that values the company at $1.2 billion. The post Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads appeared first on SecurityWeek. This article is […]

React to this headline:

Chainguard Raises $140 Million, Expands Tech to Secure AI Workloads Read More »

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements

BIND, DNS, DNSSEC, Don't miss, networking, News, open source / SecurityTicks

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements 2024-07-25 at 10:01 By Help Net Security BIND (Berkeley Internet Name Domain) is an open-source DNS software system with an authoritative server, a recursive resolver, and related utilities. BIND 9.20, a stable branch suitable for production use, has been released. According to the current software release

React to this headline:

BIND 9.20 released: Enhanced DNSSEC support, application infrastructure improvements Read More »

Infisical: Open-source secret management platform

Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Infisical: Open-source secret management platform 2024-07-24 at 07:01 By Help Net Security Infisical is an open-source secret management platform developers use to centralize application configurations and secrets, such as API keys and database credentials, while also managing their internal PKI. In addition to managing secrets with Infisical, you can scan your files, directories, and Git

React to this headline:

Infisical: Open-source secret management platform Read More »

Shuffle Automation: Open-source security automation platform

automation, Don't miss, GitHub, Hot stuff, News, open source, security operations, software / SecurityTicks

Shuffle Automation: Open-source security automation platform 2024-07-22 at 07:01 By Mirko Zorz Shuffle is an open-source automation platform designed by and for security professionals. While security operations are inherently complex, Shuffle simplifies the process. It’s designed to integrate with Managed Security Service Providers (MSSPs) and other service providers. Key features Feature-rich workflow editor. App creator

React to this headline:

Shuffle Automation: Open-source security automation platform Read More »

Grype: Open-source vulnerability scanner for container images, filesystems

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, scanning, software / SecurityTicks

Grype: Open-source vulnerability scanner for container images, filesystems 2024-07-18 at 06:31 By Help Net Security Grype is an open-source vulnerability scanner designed for container images and filesystems that seamlessly integrates with Syft, a powerful Software Bill of Materials (SBOM) tool. Find vulnerabilities for major operating system packages Alpine Amazon Linux BusyBox CentOS CBL-Mariner Debian Distroless

React to this headline:

Grype: Open-source vulnerability scanner for container images, filesystems Read More »

Signatures should become cloud security history

cloud security, cybersecurity, Don't miss, Hot stuff, open source, RAD Security, standards, threat detection, Video / SecurityTicks

Signatures should become cloud security history 2024-07-18 at 06:01 By Help Net Security It’s becoming evident that the legacy practice of signature-based threat detection needs to be improved for cloud security challenges. In this Help Net Security video, Jimmy Mesta, CTO at RAD Security, discusses a new proposed standard for creating behavioral fingerprints of open-source

React to this headline:

Signatures should become cloud security history Read More »

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software / SecurityTicks

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover 2024-07-17 at 07:01 By Mirko Zorz SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fingerprints than other subdomain takeover tools. “SubSnipe does some additional verification after the fingerprinting to find candidates more likely

React to this headline:

SubSnipe: Open-source tool for finding subdomains vulnerable to takeover Read More »

Realm: Open-source adversary emulation framework

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, red team, software / SecurityTicks

Realm: Open-source adversary emulation framework 2024-07-15 at 07:32 By Mirko Zorz Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any size. “Realm is unique in its custom interpreter written in Rust. This allows us to write complex TTPs as code. With these actions as code,

React to this headline:

Realm: Open-source adversary emulation framework Read More »

BunkerWeb: Open-source Web Application Firewall (WAF)

GitHub, News, open source, software / SecurityTicks

BunkerWeb: Open-source Web Application Firewall (WAF) 2024-07-10 at 07:01 By Mirko Zorz BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable by a third party and the community. “The genesis of BunkerWeb comes from the following problem: every time someone from my team

React to this headline:

BunkerWeb: Open-source Web Application Firewall (WAF) Read More »

Monocle: Open-source LLM for binary analysis search

Don't miss, GitHub, Hot stuff, LLMs, machine learning, News, open source, software / SecurityTicks

Monocle: Open-source LLM for binary analysis search 2024-07-08 at 06:31 By Help Net Security Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monocle can be provided with a binary and search criteria (authentication code, vulnerable code, password strings, etc.), and it will decompile

React to this headline:

Monocle: Open-source LLM for binary analysis search Read More »

Secator: Open-source pentesting Swiss army knife

Don't miss, GitHub, Hot stuff, News, open source, penetration testing, software / SecurityTicks

Secator: Open-source pentesting Swiss army knife 2024-07-03 at 07:01 By Help Net Security Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to enhance the efficiency of pen testers and security researchers. Secator features Curated list of commands Unified input options Unified

React to this headline:

Secator: Open-source pentesting Swiss army knife Read More »

Portainer: Open-source Docker and Kubernetes management

containers, Docker, GitHub, Kubernetes, News, open source, software / SecurityTicks

Portainer: Open-source Docker and Kubernetes management 2024-07-01 at 07:32 By Mirko Zorz Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Docker, Swarm, Kubernetes, and ACI environments. It provides a smart GUI and a comprehensive API to manage your orchestrator resources, including containers, images, volumes, networks,

React to this headline:

Portainer: Open-source Docker and Kubernetes management Read More »

US, Allies Warn of Memory Unsafety Risks in Open Source Software

Application Security, CISA, guidance, open source, source code / SecurityTicks

US, Allies Warn of Memory Unsafety Risks in Open Source Software 2024-06-27 at 17:01 By Ionut Arghire Most critical open source software contains code written in a memory unsafe language, US, Australian, and Canadian government agencies warn. The post US, Allies Warn of Memory Unsafety Risks in Open Source Software appeared first on SecurityWeek. This

React to this headline:

US, Allies Warn of Memory Unsafety Risks in Open Source Software Read More »

Gitleaks: Open-source solution for detecting secrets in your code

Data leak, Don't miss, GitHub, Hot stuff, News, open source, software / SecurityTicks

Gitleaks: Open-source solution for detecting secrets in your code 2024-06-27 at 07:37 By Mirko Zorz Gitleaks is an open-source SAST tool designed to detect and prevent hardcoded secrets such as passwords, API keys, and tokens in Git repositories. With more than 15 million Docker downloads, 16,200 GitHub stars, 7 million GitHub downloads, thousands of weekly

React to this headline:

Gitleaks: Open-source solution for detecting secrets in your code Read More »

Developer errors lead to long-term exposure of sensitive data in Git repos

Aqua Security, cybersecurity, data, Don't miss, GitHub, News, open source, report, software, software development / SecurityTicks

Developer errors lead to long-term exposure of sensitive data in Git repos 2024-06-26 at 15:01 By Help Net Security Credentials, API tokens, and passkeys – collectively referred to as secrets – from organizations around the globe were exposed for years, according to Aqua Security’s latest research. By scanning the most popular 100 organizations on GitHub,

React to this headline:

Developer errors lead to long-term exposure of sensitive data in Git repos Read More »

Zeek: Open-source network traffic analysis, security monitoring

cybersecurity, Don't miss, GitHub, Hot stuff, monitoring, network analysis, network monitoring, News, open source, software / SecurityTicks

Zeek: Open-source network traffic analysis, security monitoring 2024-06-25 at 07:01 By Mirko Zorz Zeek is an open-source network analysis framework. Unlike an active security device such as a firewall, Zeek operates on a versatile ‘sensor’ that can be a hardware, software, virtual, or cloud platform. This flexibility allows Zeek to quietly monitor network traffic, interpret

React to this headline:

Zeek: Open-source network traffic analysis, security monitoring Read More »

Open-source Rafel RAT steals info, locks Android devices, asks for ransom

account hijacking, Android, Check Point, cyber espionage, Don't miss, Hot stuff, Malware, News, open source, Ransomware / SecurityTicks

Open-source Rafel RAT steals info, locks Android devices, asks for ransom 2024-06-24 at 14:46 By Zeljka Zorz The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point

React to this headline:

Open-source Rafel RAT steals info, locks Android devices, asks for ransom Read More »

Cilium: Open-source eBPF-based networking, security, observability

cybersecurity, Don't miss, GitHub, Hot stuff, networking, News, open source, software / SecurityTicks

Cilium: Open-source eBPF-based networking, security, observability 2024-06-21 at 07:01 By Help Net Security Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. What is eBPF? eBPF is a technology originating from the Linux kernel that allows sandboxed programs to run in

React to this headline:

Cilium: Open-source eBPF-based networking, security, observability Read More »

SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting

cybersecurity, Don't miss, GitHub, Hot stuff, News, open source, software, Stamus Networks / SecurityTicks

SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting 2024-06-19 at 07:33 By Mirko Zorz SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection (IDS/IPS), network security monitoring (NSM), and threat hunting. The project is developed and maintained by Stamus Networks. SELKS is an effective production-grade solution for many small

React to this headline:

SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting Read More »

Enhancing security through collaboration with the open-source community

code, collaboration, Compliance, cybersecurity, Don't miss, Features, Hot stuff, NetworkRADIUS, News, open source, opinion, regulation, software development, strategy / SecurityTicks

Enhancing security through collaboration with the open-source community 2024-06-18 at 07:32 By Mirko Zorz In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security.

React to this headline:

Enhancing security through collaboration with the open-source community Read More »