Tag: open-source
-
GhostStrike: Open-source tool for ethical hacking
GhostStrike is an open-source, advanced cybersecurity tool tailored for ethical hacking and Red Team operations. It incorporates cutting-edge techniques, including process … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/17/ghoststrike-open-source-tool-ethical-hacking/
-
Open-Source Entry Points Targeted for Supply Chain Compromise
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-entry-points-targeted-for-supply-chain-compromise
-
Forscher finden teils kritische Schwachstellen in Passwort-Managern
Bei einer Open-Source-Codeanalyse hat das BSI die Passwort-Manager Vaultwarden und KeePass auf Sicherheitseigenschaften untersucht mit ungleichen Ergebnissen. First seen on heise.de Jump to article: www.heise.de/news/Passwort-Manager-BSI-berichtet-ueber-kritische-Schwachstellen-in-Vaultwarden-9982427.html
-
Navigating the Cybersecurity Risks of Shadow Open-Source GenAI
Generative AI is no doubt the leading frontier in AI. Models have captured attention and driven exciting use cases across industries with their ability to create everything from text to images, and even solve complex coding problems. The likes of ChatGPT and Anthropic have changed how companies innovate, automate and engage with customers in just…
-
Attackers deploying red teaming tool for EDR evasion
Threat actors are leveraging the open-source EDRSilencer tool to evade endpoint detection and response systems, Trend Micro researchers have noticed. About EDRSilencer The … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/15/edr-evasion-edrsilencer/
-
Open Source Package Entry Points May Lead to Supply Chain Attacks
Entry points in packages across multiple programming languages are susceptible to exploitation in supply chain attacks. The post Open Source Package Entry Points May Lead to Supply Chain Attacks appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/open-source-package-entry-points-may-lead-to-supply-chain-attacks/
-
Ubuntu Fixes Multiple PHP Vulnerabilities: Update Now
Multiple security vulnerabilities were identified in PHP, a widely-used open source general purpose scripting language which could compromise the security and integrity of web applications. These vulnerabilities include incorrect parsing of multipart/form-data, improper handling of directives, and flawed logging mechanisms. Let’s dive into the details of the recent vulnerabilities. Recent PHP Vulnerabilities Addressed ……
-
Command-jacking used to launch malicious code on open-source platforms
First seen on scworld.com Jump to article: www.scworld.com/news/command-jacking-used-to-launch-malicious-code-on-open-source-platforms
-
Supply Chain Attacks Can Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chainCybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.”Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers…
-
Supply Chain Attacks Exploit Entry Points in Python, npm, and Open-Source Ecosystems
Tags: attack, cybersecurity, exploit, malicious, open-source, programming, pypi, risk, rust, software, supply-chainCybersecurity researchers have found that entry points could be abused across multiple programming ecosystems like PyPI, npm, Ruby Gems, NuGet, Dart Pub, and Rust Crates to stage software supply chain attacks.”Attackers can leverage these entry points to execute malicious code when specific commands are run, posing a widespread risk in the open-source landscape,” Checkmarx researchers…
-
Tanium kommentiert die Nutzung von Open Source Software und deren Gefahren
Angesichts der zunehmenden Cyberbedrohungen ist ein proaktiver und ganzheitlicher Ansatz für die IT-Sicherheit unerlässlich. Moderne Sicherheitslösungen ermöglichen eine umfassende Sichtbarkeit auf alle Endpunkte und Assets in Echtzeit. First seen on infopoint-security.de Jump to article: www.infopoint-security.de/tanium-kommentiert-de-nutzung-von-open-source-software-und-deren-gefahren/a38641/
-
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors.”In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…
-
Open-source security threats surge amid increasing usage
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-security-threats-surge-amid-increasing-usage
-
Open-Source Security Risks Rise as Usage Expands
First seen on scworld.com Jump to article: www.scworld.com/brief/open-source-security-risks-rise-as-usage-expands
-
Open Source Software unbestreitbare Vorteile sowie Risiken
First seen on datensicherheit.de Jump to article: www.datensicherheit.de/open-source-software-unbestreitbar-vorteile-risiken
-
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors.”In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…
-
Sonatype Reports 156% Increase in OSS Malicious Packages
A new Sonatype report reveals a 156% surge in open source malware, with over 704,102 malicious packages identified since 2019, as OSS adoption continues to skyrocket First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/156-increase-in-oss-malicious/
-
Auditing Gradio 5, Hugging Face’s ML GUI framework
This is a joint post with the Hugging Face Gradio team; read their announcement here! You can find the full report with all of the detailed findings from our security audit of Gradio 5 here. Hugging Face hired Trail of Bits to audit Gradio 5, a popular open-source library that provides a web interface that……
-
Malicious packages in open-source repositories are surging
The open-source ecosystem is being overrun by malicious packages, a new report from Sonatype finds. First seen on cyberscoop.com Jump to article: cyberscoop.com/open-source-security-supply-chain-sonatype/
-
Technical Analysis of DarkVision RAT
Tags: access, antivirus, api, attack, cloud, communications, computer, control, cybercrime, data, detection, encryption, endpoint, infection, injection, malicious, malware, network, open-source, password, powershell, rat, remote-code-execution, startup, tactics, theft, threat, tool, windowsIntroductionDarkVision RAT is a highly customizable remote access trojan (RAT) that first surfaced in 2020, offered on Hack Forums and their website for as little as $60. Written in C/C++, and assembly, DarkVision RAT has gained popularity due to its affordability and extensive feature set, making it accessible even to low-skilled cybercriminals. The RAT’s capabilities…
-
How open source SIEM and XDR tackle evolving threats
Evolving threats require security solutions that match the sophistication of modern threats. Learn more about how Wazuh, the open-source XDR and SIEM, tackles these threats. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/how-open-source-siem-and-xdr-tackle-evolving-threats/
-
YARA: Open-source tool for malware research
YARA is a powerful tool designed primarily to aid malware researchers in identifying and categorizing malware samples, though its applications are broader. The tool enables … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/10/09/yara-open-source-tool-malware-research/
-
Open-Source Scanner Released to Detect CUPS Vulnerability
A new open-source scanner has been released to detect a critical vulnerability in the Common Unix Printing System (CUPS), explicitly targeting CVE-2024-47176. This vulnerability and others in the chain pose significant risks as it can allow remote code execution on UNIX and UNIX-like systems. The scanner aims to help system administrators identify and mitigate these…
-
Qualcomm Urges OEMs to Patch Critical DSP and WLAN Flaws Amid Active Exploits
Qualcomm has rolled out security updates to address nearly two dozen flaws spanning proprietary and open-source components, including one that has come under active exploitation in the wild.The high-severity vulnerability, tracked as CVE-2024-43047 (CVSS score: 7.8), has been described as a user-after-free bug in the Digital Signal Processor (DSP) Service that could lead to “memory…