software

BinDiff: Open-source comparison tool for binary files

25/09/2023 at 13:01 By Help Net Security

BinDiff is a binary file comparison tool to find differences and similarities in disassembled code quickly. It was made open source today. With BinDiff, you can identify and isolate fixes for vulnerabilities in vendor-supplied patches. You can also port symbols and […]

Hands-on threat simulations: empower cybersecurity teams to confidently combat threats

25/09/2023 at 08:05 By Help Net Security

Security processes are increasingly automated which has led some businesses to deprioritize developing their security teams’ defense skills. While antivirus and non-human generated threat detections efficiently identify vulnerabilities, they cannot detect every single threat. With the rising number

What AppSec and developers working in cloud-native environments need to know

20/09/2023 at 08:05 By Help Net Security

All enterprise organizations are, in essence, software publishers, regardless of their industry. This is because every enterprise relies on custom software applications for managing internal processes, interacting with customers, or analyzing data, making them creators and distributors

Securing OTA with Harman International’s Michal Geva

15/09/2023 at 06:02 By Help Net Security

The once far-off vision of remotely updating software without needing to bring it into a service center was initially designed for bug fixes and cybersecurity updates. Today, over-the-air updates (OTA) are used to activate new functionality and upgrade a vehicle– all

The rise and evolution of supply chain attacks

13/09/2023 at 07:03 By Help Net Security

A supply chain attack is a cyberattack that focuses on a third-party supplier providing essential services or software to the supply chain. In this Help Net Security video, Dick O’Brien, Principal Intelligence Analyst in the Symantec Threat Hunter team, discusses

Shifting left and right, innovating product security

07/09/2023 at 07:03 By Mirko Zorz

In this Help Net Security interview, Slava Bronfman, CEO at Cybellum, discusses approaches for achieving product security throughout a device’s entire lifecycle, fostering collaboration across business units and product lines, ensuring transparency and security in the supply chain, and meeting regulatory requirements

Reaper: Open-source reconnaissance and attack proxy workflow automation

05/09/2023 at 06:01 By Mirko Zorz

Reaper is an open-source reconnaissance and attack proxy, built to be a modern, lightweight, and efficient equivalent to Burp Suite/ZAP. It focuses on automation, collaboration, and building universally distributable workflows. Reaper is a work in progress, but it’s already capable of

Trojanized Signal, Telegram apps found on Google Play, Samsung Galaxy Store

31/08/2023 at 12:18 By Help Net Security

ESET researchers have identified two active campaigns targeting Android users, where the threat actors behind the tools for Telegram and Signal are attributed to the China-aligned APT group GREF. Most likely active since July 2020 and since

The power of passive OS fingerprinting for accurate IoT device identification

31/08/2023 at 07:31 By Help Net Security

The number of IoT devices in enterprise networks and across the internet is projected to reach 29 billion by the year 2030. This exponential growth has inadvertently increased the attack surface. Each interconnected device can potentially create

What does optimal software security analysis look like?

31/08/2023 at 07:01 By Mirko Zorz

In this Help Net Security interview, Kevin Valk, co-CEO at Codean, discusses the consequences of relying solely on automated tools for software security. He explains how these tools can complement human knowledge to enhance software security analysis and emphasizes the need

A closer look at the RFI on open-source software security

30/08/2023 at 07:02 By Help Net Security

The U.S. Office of the National Cyber Director (ONCD) released a request for information (RFI) entitled Open-Source Software Security: Areas of Long-Term Focus and Prioritization, which indicates that the U.S. Government’s effort to invest in open-source software and

Does a secure coding training platform really work?

24/08/2023 at 07:31 By Help Net Security

As security vulnerabilities are reported to you time and again, you may ask yourself: “Why don’t these developers learn the lesson?” The next thing you may think is: “We should train developers, so they stop making these mistakes.” For many

Security Onion 2.4: Free, open platform for defenders gets huge update

23/08/2023 at 13:03 By Help Net Security

Security Onion is a free and open platform for threat hunting, enterprise security monitoring, and log management. It has been downloaded over 2 million times and is being used by security teams worldwide. Security Onion 2.4 comes

8 open-source OSINT tools you should try

22/08/2023 at 06:01 By Help Net Security

Open-Source Intelligence (OSINT) refers to gathering, assessing, and interpreting public information to address specific intelligence queries. All the tools listed here are available for free.

Amass: The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using

Findlargedir: Find all “blackhole” directories with a huge amount of filesystem entries

17/08/2023 at 06:04 By Help Net Security

Findlargedir is a tool written to help quickly identify “black hole” directories on any filesystem having more than 100k entries in a single flat structure. When a directory has many entries (directories or files), getting a

Product showcase: Free email security test by ImmuniWeb Community Edition

14/08/2023 at 07:03 By Help Net Security

According to an FBI report, in 2022, global losses from business email compromise (BEC) and email account compromise (EAC) attacks attained $43 billion, hitting a historic anti-record. Multiple cybersecurity vendors, including Microsoft and Trend Micro, reported a rapid

White House launches AI Cyber Challenge to make software more secure

10/08/2023 at 12:33 By Help Net Security

The Biden-Harris Administration has launched a major two-year competition using AI to protect the United States’ most important software, such as code that helps run the internet and critical infrastructure. The AI Cyber Challenge (AIxCC) will challenge

Assess multi-cloud security with the open-source CNAPPgoat project

03/08/2023 at 07:31 By Help Net Security

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. It is available on GitHub. CNAPPgoat supports AWS, Azure (Microsoft

Open-source penetration testing tool BloodHound CE released

02/08/2023 at 06:32 By Mirko Zorz

SpecterOps released version 5.0 of BloodHound Community Edition (CE), a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory (AD) and Azure (including Azure AD/Entra ID) environments. It is available for free on GitHub. Identifying simple Attack

UAC: Live response collection script for incident response

27/07/2023 at 05:33 By Help Net Security

Unix-like Artifacts Collector (UAC) is a live response collection script for incident response that makes use of native binaries and tools to automate the collection of AIX, Android, ESXi, FreeBSD, Linux, macOS, NetBSD, NetScaler, OpenBSD, and Solaris systems artifacts. It
