Tag: open-source
-
Ollama drama as ‘easy-to-exploit’ critical flaw found in open source AI server
in SecurityNews
First seen on theregister.com
Jump to article: www.theregister.com/2024/06/24/rce_ollama_wiz/
-
SubSnipe: Open-source tool for finding subdomains vulnerable to takeover
in SecurityNews
SubSnipe is an open-source, multi-threaded tool to help find subdomains vulnerable to takeover. It’s simpler, produces better output, and has more fin…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/17/subsnipe-open-source-tool-find-subdomains-vulnerable-takeover/
-
Critical Unpatched Flaws Disclosed in Popular Gogs Open-Source Git Service
in SecurityNews
Four unpatched security flaws, including three critical ones, have been disclosed in the Gogs open-source, self-hosted Git service that could enable a…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/07/critical-vulnerabilities-disclosed-in.html
-
Realm: Open-source adversary emulation framework
in SecurityNews
Realm is an open-source adversary emulation framework emphasizing scalability, reliability, and automation. It’s designed to handle engagements of any…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/15/realm-open-source-adversary-emulation-framework/
-
The Emerging Role of AI in Open-Source Intelligence
in SecurityNews
Recently the Office of the Director of National Intelligence (ODNI) unveiled a new strategy for open-source intelligence (OSINT) and referred to OSINT…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/07/the-emerging-role-of-ai-in-open-source.html
-
Detecting Living Off The Land attacks with Wazuh
in SecurityNews
Threat actors commonly use Living Off The Land (LOTL) techniques to evade detection. Learn more from Wazuh about how its open source XDR/SIEM #cyberse…
First seen on bleepingcomputer.com
Jump to article: www.bleepingcomputer.com/news/security/detecting-living-off-the-land-attacks-with-wazuh/
-
CRYSTALRAY Group Targets 1,500 Organizations in 6 Months
in SecurityNews
Relatively New Threat Actor Uses Open-Source Tools, Focuses on US and China. A relatively new threat actor has compromised over 1,500 organizations wo…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/crystalray-group-targets-1500-organizations-in-6-months-a-25759
-
‘CrystalRay’ Expands Arsenal, Hits 1,500 Targets with SSH-Snake and Open Source Tools
in SecurityNews
A threat actor tracked as CrystalRay has hit 1,500 victims since February, stealing credentials and deploying backdoors. The post ‘CrystalRay’ Expands…
First seen on securityweek.com
Jump to article: www.securityweek.com/crystalray-expands-arsenal-hits-1500-targets-with-ssh-snake-and-open-source-tools/
-
CrystalRay operations have scaled 10x to over 1,500 victims
in SecurityNews
A threat actor known as CrystalRay targeted 1,500 victims since February using tools like SSH-Snake and various open-source utilities. The Sysdig Thre…
First seen on securityaffairs.com
Jump to article: securityaffairs.com/165607/cyber-crime/crystalray-operations-scaled-10x.html
-
CISA offers tools to promote secure use of open-source software
in SecurityNews
First seen on scmagazine.com
Jump to article: www.scmagazine.com/news/cisa-offers-tools-to-promote-secure-use-of-open-source-software
-
9 Indispensable Open Source Security Tools
in SecurityNews
First seen on csoonline.com
Jump to article: www.csoonline.com/de/a/9-unverzichtbare-open-source-security-tools
-
BunkerWeb: Open-source Web Application Firewall (WAF)
in SecurityNews
BunkerWeb is an open-source Web Application Firewall (WAF) distributed under the AGPLv3 free license. The solution’s core code is entirely auditable b…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/10/bunkerweb-open-source-web-application-firewall-waf/
-
Malware in Open Source Software: How Big Is the Threat to IT Security Really?
in SecurityNews
In March 2024, the discovery of a backdoor in the xz tools and libraries used for compression made headlines. But how big is the…
First seen on borncity.com
Jump to article: www.borncity.com/blog/2024/07/08/malware-in-open-source-software-wie-gro-ist-die-bedrohung-der-it-sicherheit-wirklich/
-
Large-Scale Data Breach: Learning from the ATT Hack
in SecurityNews
Software supply chains have evolved into complicated webs that rely heavily on open-source libraries. More and more…
First seen on netzpalaver.de
Jump to article: netzpalaver.de/2024/07/01/datenschutzverletzung-im-grossen-stil-lernen-aus-dem-att-hack/
-
Google Opens $250K Bug Bounty Contest for VM Hypervisor
in SecurityNews
If security researchers can execute a guest-to-host attack using a zero-day vulnerability in the KVM open source hypervisor, Google will make it worth…
First seen on darkreading.com
Jump to article: www.darkreading.com/cloud-security/google-opens-250k-bug-bounty-contest-for-vm-hypervisor
-
CISA Advances Open-Source Software Security with Strategic Initiatives and Community Collaboration
in SecurityNews
The Cybersecurity and Infrastructure Security Agency (CISA) has announced its next phase to enhance the security of open-source software (OSS) through…
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/cisa-announces-open-source-software-security/
-
Monocle: Open-source LLM for binary analysis search
in SecurityNews
Monocle is open-source tooling backed by a large language model (LLM) for performing natural language searches against compiled target binaries. Monoc…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/08/monocle-open-source-llm-binary-analysis-search/
-
How CISA Plans to Measure Trust in Open-Source Software
in SecurityNews
Agency Is in 2nd Phase of Its Open-Source Software Security Road Map. The U.S. Cybersecurity and Infrastructure Security Agency provided details on Mo…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/how-cisa-plans-to-measure-trust-in-open-source-software-a-25723
-
Collaborate on Shifting Left: Why ‘AppSec Is a Team Sport’
in SecurityNews
Developers are using more and more open-source code because they want to move fast, said Cycode’s Lotem Guy. But the speed of development and the cont…
First seen on govinfosecurity.com
Jump to article: www.govinfosecurity.com/interviews/collaborate-on-shifting-left-appsec-team-sport-i-5398
-
CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code
in SecurityNews
First seen on techrepublic.com
Jump to article: www.techrepublic.com/article/open-source-projects-memory-unsafe-code-cisa/
-
CISA Flags Memory-Unsafe Code in Major Open Source Projects
in SecurityNews
Despite more than 50% of all open source code being written in memory-unsafe languages like C++, we are unlikely to see a massive overhaul to codebase…
First seen on darkreading.com
Jump to article: www.darkreading.com/application-security/cisa-memory-unsafe-code-open-source-projects
-
A New Threat to the Open-Source Community: Lumma Malware Now Also Targets Python Developers
in SecurityNews
First seen on security-insider.de
Jump to article: www.security-insider.de/lumma-malware-hat-jetzt-auch-python-entwickler-als-ziel-a-b4b6c6f1d0bc92cbfb83a6f8b7568481/
-
Secator: Open-source pentesting Swiss army knife
in SecurityNews
Secator is an open-source task and workflow runner tailored for security assessments. It facilitates the use of numerous security tools and aims to en…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/03/secator-open-source-pentesting-swiss-army-knife/
-
GeoServer and GeoTools Address XPath Expression Injection Vulnerabilities
in SecurityNews
Widely used open-source Java tools, GeoServer and GeoTools, that help in geospatial data processing have fixed security vulnerabilities related to XPa…
First seen on thecyberexpress.com
Jump to article: thecyberexpress.com/xpath-expression-injection-vulnerabilities/
-
Gogs Vulnerabilities Let Attackers Hack Instances Steal Source Code
in SecurityNews
Gogs is a standard open-source code hosting system used by many developers. Several Gogs vulnerabilities have been discovered recently by the cybersec…
First seen on gbhackers.com
Jump to article: gbhackers.com/gogs-vulnerabilities-hack-steal-source-code/
-
CocoaPods: Vulnerable to Supply-Chain Attacks in Countless Mac and iOS Apps
in SecurityNews
The open-source dependency manager is found in millions of Swift and Objective-C programs. Apparently, for almost a decade the…
First seen on heise.de
Jump to article: www.heise.de/news/CocoaPods-Anfaellig-fuer-Supply-Chain-Angriffe-in-zahllosen-Mac-und-iOS-Apps-9786099.html
-
Critical RCE Vulnerability Discovered in Ollama AI Infrastructure Tool
in SecurityNews
Tags: ai, cybersecurity, flaw, infrastructure, intelligence, open-source, rce, remote-code-execution, tool, update, vulnerability
Cybersecurity researchers have detailed a now-patched security flaw affecting the Ollama open-source artificial intelligence (AI) infrastructure platfor…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/06/critical-rce-vulnerability-discovered.html
-
Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
in SecurityNews
Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet the…
First seen on thehackernews.com
Jump to article: thehackernews.com/2024/06/iranian-hackers-deploy-rafel-rat-in.html
-
Portainer: Open-source Docker and Kubernetes management
in SecurityNews
Portainer Community Edition is an open-source, lightweight service delivery platform for containerized applications. It enables the management of Dock…
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/07/01/portainer-open-source-docker-kubernetes-management/
-
Gogs Vulnerabilities Let Attackers Hack Instances And Steal Source Code
in SecurityNews
Gogs is a standard open-source code hosting system used by many developers. Several Gogs vulnerabilities have been discovered recently by the cybersec…
First seen on gbhackers.com
Jump to article: gbhackers.com/gogs-vulnerabilities-hack-steal-source-code/