Does a secure coding training platform really work? 24/08/2023 at 07:31 By Help Net Security As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many […]
React to this headline:
Does a secure coding training platform really work? Read More »
Security Onion 2.4: Free, open platform for defenders gets huge update 23/08/2023 at 13:03 By Help Net Security Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide. Security Onion 2.4 comes
React to this headline:
Security Onion 2.4: Free, open platform for defenders gets huge update Read More »
8 open-source OSINT tools you should try 22/08/2023 at 06:01 By Help Net Security Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free. Amass The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using
React to this headline:
8 open-source OSINT tools you should try Read More »
Findlargedir: Find all “blackhole” directories with a huge amount of filesystem entries 17/08/2023 at 06:04 By Help Net Security Findlargedir is a tool written to help quickly identify “black hole” directories on any filesystem having more than 100k entries in a single flat structure. When a directory has many entries (directories or files), getting a
React to this headline:
Findlargedir: Find all “blackhole” directories with a huge amount of filesystem entries Read More »
Product showcase: Free email security test by ImmuniWeb Community Edition 14/08/2023 at 07:03 By Help Net Security According to an FBI report, in 2022, global losses from business email compromise (BEC) and email account compromise (EAC) attacks attained $43 billion, hitting a historic anti-record. Multiple cybersecurity vendors, including Microsoft and Trend Micro, reported a rapid
React to this headline:
Product showcase: Free email security test by ImmuniWeb Community Edition Read More »
White House launches AI Cyber Challenge to make software more secure 10/08/2023 at 12:33 By Help Net Security The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge
React to this headline:
White House launches AI Cyber Challenge to make software more secure Read More »
Assess multi-cloud security with the open-source CNAPPgoat project 03/08/2023 at 07:31 By Help Net Security Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub. CNAPPgoat supports AWS, Azure (Microsoft
React to this headline:
Assess multi-cloud security with the open-source CNAPPgoat project Read More »
Open-source penetration testing tool BloodHound CE released 02/08/2023 at 06:32 By Mirko Zorz SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying simple Attack
React to this headline:
Open-source penetration testing tool BloodHound CE released Read More »
UAC: Live response collection script for incident response 27/07/2023 at 05:33 By Help Net Security Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It
React to this headline:
UAC: Live response collection script for incident response Read More »
Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database 26/07/2023 at 07:02 By Help Net Security Time is of the essence when it comes to recovery after Exchange Server failure or database corruption, as organizations depend on emails for their day-to-day business communication. The more the delay in restoring services and recovering data, the
React to this headline:
Product showcase: Stellar Toolkit for Exchange – Restore Exchange Database Read More »
12 open-source penetration testing tools you might not know about 18/07/2023 at 07:34 By Mirko Zorz Red Siege has developed and made available many open-source tools to help with your penetration testing work. The company plans to continue to support the tools listed below, whether in the form of bug fixes or new features. Give
React to this headline:
12 open-source penetration testing tools you might not know about Read More »
Verifying Software Integrity With Sigstore 11/07/2023 at 17:48 By Matt Honea Signing code is very important to defend against supply chain attacks, but it’s also one of the most cumbersome to implement for internal development. The post Verifying Software Integrity With Sigstore appeared first on SecurityWeek. This article is an excerpt from SecurityWeek RSS Feed
React to this headline:
Verifying Software Integrity With Sigstore Read More »
Owncast, EaseProbe security vulnerabilities revealed 11/07/2023 at 11:17 By Help Net Security Oxeye has uncovered two critical security vulnerabilities and recommends immediate action to mitigate risk. The vulnerabilities were discovered in Owncast (CVE-2023-3188) and EaseProbe (CVE-2023-33967), two open-source platforms written in Go. Owncast vulnerability (CVE-2023-3188) The first vulnerability was discovered in Owncast, an open-source, self-hosted,
React to this headline:
Owncast, EaseProbe security vulnerabilities revealed Read More »
53% of SaaS licenses remain unused 04/07/2023 at 06:38 By Help Net Security Enterprise leaders in procurement, IT, and finance need to take immediate action to rationalize their SaaS portfolios to prevent spending and governance challenges from spiraling out of control, according to Productiv. Productiv analyzed how nearly 100 million SaaS licenses were used over
React to this headline:
53% of SaaS licenses remain unused Read More »
Micropatches: What they are and how they work 29/06/2023 at 07:02 By Help Net Security In this Help Net Security video, Mitja Kolsek, CEO at Acros Security, discusses micropatches, a solution to a huge security problem. With micropatches, there are no reboots or downtime when patching and no fear that an official update will break
React to this headline:
Micropatches: What they are and how they work Read More »
10 open-source recon tools worth your time 20/06/2023 at 07:02 By Help Net Security Recon is the initial stage in the penetration testing process. It’s a vital phase allowing the tester to understand their target and strategize their moves. Here are ten open-source recon tools that deserve to be in your arsenal. Altdns Altdns is
React to this headline:
10 open-source recon tools worth your time Read More »
Fiddler Auditor: Open-source tool evaluates the robustness of large language models 15/06/2023 at 07:17 By Help Net Security Fiddler Auditor is an open-source tool designed to evaluate the robustness of Large Language Models (LLMs) and Natural Language Processing (NLP) models. LLMs can sometimes produce unwarranted content, potentially create hostile responses, and may disclose confidential information
React to this headline:
Fiddler Auditor: Open-source tool evaluates the robustness of large language models Read More »
20 cybersecurity projects on GitHub you should check out 08/06/2023 at 07:47 By Helga Labus Open-source GitHub cybersecurity projects, developed and maintained by dedicated contributors, provide valuable tools, frameworks, and resources to enhance security practices. From vulnerability scanning and network monitoring to encryption and incident response, the following collection encompasses a diverse range of projects
React to this headline:
20 cybersecurity projects on GitHub you should check out Read More »
SBOMs – Software Supply Chain Security’s Future or Fantasy? 05/06/2023 at 14:39 By Kevin Townsend If after eighteen months, meaningful use of SBOMs is unachievable, we need to ask what needs to be done to fulfill Biden’s executive order. The post SBOMs – Software Supply Chain Security’s Future or Fantasy? appeared first on SecurityWeek. This
React to this headline:
SBOMs – Software Supply Chain Security’s Future or Fantasy? Read More »
Penetration tester develops AWS-based automated cracking rig 30/05/2023 at 07:40 By Mirko Zorz Building a custom cracking rig for research can be expensive, so penetration tester Max Ahartz built one on AWS. In this Help Net Security interview, he takes us through the process and unveils the details of his creation. What motivated you to
React to this headline:
Penetration tester develops AWS-based automated cracking rig Read More »