Tag: open-source
-
Top 10 ASEAN stories of 2024
by
in SecurityNews
Southeast Asia’s 2024 tech landscape saw major companies embracing AI, shifts in open source and the emergence of local large language models to address the needs of a diverse region. First seen on computerweekly.com. Jump to article: www.computerweekly.com/news/366617089/Top-10-ASEAN-stories-of-2024
-
The 10 best API tools
by
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, waf
APIs allow different software components and resources to interact with one another. Application programming interfaces (APIs) have become an important part of networks, programs, applications, devices and almost every other area of the computing landscape. This is especially true of cloud computing and mobile computing. Neither could exist in its current form if…
-
How companies use open-source components securely: open source, open vulnerability?
by
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/open-source-sicherheit-unternehmen-schutz-a-249cc2215907caad84226d4b93ea4668/
-
Top 10 cyber security stories of 2024
by
in SecurityNews
Data breaches, data privacy and protection, and the thorny issue of open source security were all hot topics this year. Meanwhile, security companies frequently found themselves hitting the headlines, and not always for good reasons. Here are Computer Weekly’s top 10 cyber security stories of 2024. First seen on computerweekly.com. Jump to article: www.computerweekly.com/news/366617185/Top-10-cyber-security-stories-of-2024
-
Sophos releases tuning tool for large language models as an open-source program
by
in SecurityNews
Large language models (LLMs) have the potential to automate and reduce workload, including that of cybersecurity analysts and incident responders. However, generic LLMs lack the domain-specific knowledge to handle these tasks well. Even if they were built with training data that includes cybersecurity resources, this is often not enough to take on more specialized tasks that current…
-
Not Your Old ActiveState: Introducing our EndEnd OS Platform
by
in SecurityNews
Tags: open-source
Having been at ActiveState for nearly eight years, I’ve seen many iterations of our product. However, one thing has stayed true over the years: Our commitment to the open source community and companies using open source in their code. ActiveState has been helping enterprises manage open source for over a decade. In the early days, open…
-
Vanir: Open-source security patch validation for Android
by
in SecurityNews
Google’s open-source tool Vanir enables Android developers to quickly scan custom platform code for missing or applicable security patches. By automating patch … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/12/18/vanir-open-source-android-security-patch-validation/
-
Sonar Expands to Third-Party Code Security with Tidelift Buy
by
in SecurityNews
Deal Targets Open Source Library Risks in Software Supply Chain, Boosts DevSecOps. The integration of Tidelift into Sonar’s ecosystem will enhance software supply chain security by leveraging human-verified insights from maintainers of popular open source libraries. Developers can expect comprehensive tools to address vulnerabilities in first-party, AI-generated, and third-party code. First seen on govinfosecurity.com Jump…
-
That cheap webcam? HiatusRAT may be targeting it, FBI warns
by
in SecurityNews
Webcams have been a key part of business and home offices everywhere, especially since the COVID pandemic hit. But they are not often high-quality products, especially if used only sporadically, as many consumers and remote workers are content with a cheap one from China. This not only causes regular hardware problems, but it can also be…
-
SophosAI team releases open-source tuning tool for LLMs
by
in SecurityNews
Large language models (LLMs) have the potential to automate and reduce workload, including that of cybersecurity analysts and incident responders. However, generic LLMs lack the domain-specific knowledge to handle these tasks well. Even if they were built with training data that includes cybersecurity resources, this is often not enough to take on more specialized tasks that current and…
-
Misconfiguration Manager: Detection Updates
by
in SecurityNews
TL;DR: The Misconfiguration Manager DETECT section has been updated with relevant guidance to help defensive operators identify the most prolific attack techniques from the Misconfiguration Manager project. Background: If you have been following SpecterOps’s offensive security research over the last few years, you may have noticed our interest in targeting attack paths leveraging Microsoft’s Configuration Manager…
-
Hackers Exploiting Apache Struts2 Vulnerability to Upload Malicious Payloads
by
in SecurityNews
Hackers have begun exploiting a newly discovered vulnerability in Apache Struts2, a widely used open-source framework for developing Java web applications. The vulnerability, assigned the identifier CVE-2024-53677, has a critical CVSS score of 9.5, indicating its potential for severe impact if left unaddressed. Background on the Vulnerability: Apache Struts2 announced the vulnerability last week, highlighting…
-
privacyIDEA Workshop Part 1: How to do multi-factor authentication with open source
by
in SecurityNews
First seen on security-insider.de. Jump to article: www.security-insider.de/privacyidea-workshop-teil-1-a-a71744561a26f0ee5a1939b55bf8520d/
-
Trapster Community: Open-source, low-interaction honeypot
by
in SecurityNews
Trapster Community is an open-source, lightweight, low-interaction honeypot designed for deployment within internal networks. It enhances network security by creating a … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/12/16/trapster-community-open-source-honeypot/
-
Generative AI Security Tools Go Open Source
by
in SecurityNews
Businesses deploying large language models and other GenAI systems have a growing collection of open source tools for testing AI security. First seen on darkreading.com. Jump to article: www.darkreading.com/application-security/generative-ai-breaking-tools-go-open-source
-
What is gRPC and How Does it Enhance API Security?
by
in SecurityNews
As the reliance on APIs grows, so do the challenges of ensuring they are both fast and secure. Enter gRPC, a high-performance, open-source framework that has revolutionised how systems communicate in real time. More than just a tool for building APIs, gRPC brings an added layer of efficiency and robust security features to the table.…
-
336K Prometheus Instances Exposed to DoS, ‘Repojacking’
by
in SecurityNews
Open source Prometheus servers and exporters are leaking plaintext passwords and tokens, along with API addresses of internal locations. First seen on darkreading.com. Jump to article: www.darkreading.com/cloud-security/336k-prometheus-instances-exposed-dos-repojacking
-
FuzzyAI: Open-source tool for automated LLM fuzzing
by
in SecurityNews
FuzzyAI is an open-source framework that helps organizations identify and address AI model vulnerabilities in cloud-hosted and in-house AI models, like guardrail bypassing and … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/12/13/fuzzyai-automated-llm-fuzzing/
-
Study highlights challenges, priorities in securing open-source software
by
in SecurityNews
First seen on scworld.com. Jump to article: www.scworld.com/brief/study-highlights-challenges-priorities-in-securing-open-source-software
-
Aqua Security warns of significant risks in Prometheus stack
by
in SecurityNews
The cloud security vendor called on Prometheus to provide users with additional safeguards to protect against misconfigurations discovered in the open source monitoring tool. First seen on techtarget.com. Jump to article: www.techtarget.com/searchsecurity/news/366617178/Aqua-Security-warns-of-significant-risks-in-Prometheus-stack
-
Keycloak: Open-source identity and access management
by
in SecurityNews
Keycloak is an open-source project for identity and access management (IAM). It provides user federation, strong authentication, user management, authorization, and more. … First seen on helpnetsecurity.com. Jump to article: www.helpnetsecurity.com/2024/12/12/keycloak-open-source-identity-and-access-management-iam/
-
Open source maintainers are drowning in junk bug reports written by AI
by
in SecurityNews
Python security developer-in-residence decries use of bots that ‘cannot understand code’. First seen on theregister.com. Jump to article: www.theregister.com/2024/12/10/ai_slop_bug_reports/
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windows
This week in London, Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
OpenWrt: Upgrade vulnerability CVE-2024-54143 endangers firmware updates
by
in SecurityNews
Brief information for users of the OpenWrt firmware for routers. In older versions, the firmware update service has the vulnerability CVE-2024-54143. Attackers could exploit this vulnerability to inject malware via a firmware update. However, a patched firmware version is already available. The open-source software … First seen on borncity.com. Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
Critical OpenWrt Bug: Update Your Gear!
by
in SecurityNews
ASU 48-bit trash hash: Open source router firmware project fixes dusty old code. First seen on securityboulevard.com. Jump to article: securityboulevard.com/2024/12/openwrt-cve-2024-54143-richixbw/