Tag: open-source
-
Critical OpenWrt Bug: Update Your Gear!
by
in SecurityNews
ASU 48-bit trash hash: Open source router firmware project fixes dusty old code.
First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/openwrt-cve-2024-54143-richixbw/
-
Avoiding an East-West Split in Open Source: A Call for Unity
by
in SecurityNews
Open source has conquered the Western world, but it is also developing rapidly in China. This upswing can at the same time be cause for concern.
First seen on infopoint-security.de Jump to article: www.infopoint-security.de/ost-west-bruch-bei-open-source-vermeiden-ein-aufruf-zur-einheit/a39216/
-
OpenWrt: Upgrade Vulnerability CVE-2024-54143 Endangers Firmware Updates
by
in SecurityNews
Brief information for users of the OpenWrt firmware for routers. In older versions, the firmware update service has the vulnerability CVE-2024-54143. Attackers could exploit this vulnerability to inject malware via a firmware update. However, a patched firmware version is already available. The open-source software …
First seen on borncity.com Jump to article: www.borncity.com/blog/2024/12/10/openwrt-upgrade-schwachstelle-cve-2024-54143-gefaehrdet-firmware-updates/
-
Google Launches Open Source Patch Validation Tool
by
in SecurityNews
Vanir automates the process of scanning source code to identify what security patches are missing.
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-open-source-patch-validation-tool
-
Neosync: Open-source data anonymization, synthetic data orchestration
by
in SecurityNews
Neosync is an open-source, developer-centric solution designed to anonymize PII, generate synthetic data, and synchronize environments for improved testing and debugging. What …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/10/neosync-open-source-data-anonymization-synthetic-data-orchestration/
-
Google Launches Open-Source Patch Validation Tool
by
in SecurityNews
Vanir automates the process of scanning source code to identify what security patches are missing.
First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/google-open-source-patch-validation-tool
-
Google Announces Vanir, An Open-Source Security Patch Validation Tool
by
in SecurityNews
Google has officially launched Vanir, an open-source security patch validation tool designed to streamline and automate the process of ensuring software security patches are integrated effectively. The announcement was made following Vanir’s initial preview during the Android Bootcamp earlier this year in April. This powerful tool aims to bolster the security of the Android ecosystem by…
-
ML clients, ‘safe’ model formats exploitable through open-source AI vulnerabilities
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/ml-clients-safe-model-formats-exploitable-through-open-source-ai-vulnerabilities
-
5 Open-Source Incident Response Tools for MSSPs
by
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/native/5-open-source-incident-response-tools-for-mssps
-
Open Source Security Priorities Get a Reshuffle
by
in SecurityNews
The Census of Free and Open Source Software report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.
First seen on darkreading.com Jump to article: www.darkreading.com/application-security/critical-open-source-rankings-shuffle-popularity-python-cloud-grows
-
Open-Source Security – Sysdig Announces Threat Collection for Falco
by
in SecurityNews
Tags: open-source
First seen on security-insider.de Jump to article: www.security-insider.de/sysdig-kuendigt-bedrohungs-sammlung-fuer-falco-an-a-6e32a73e9e64dda59abe742df8eb2779/
-
CapibaraZero Firmware With ESP32-S3 Hardware Enables Low Cost Flipper Zero alternative
by
in SecurityNews
The open-source tech landscape continues to innovate, and the release of the CapibaraZero firmware marks another breakthrough. Designed for ESP32-S3-based hardware platforms, CapibaraZero provides a low-cost alternative to the highly popular, but expensive, Flipper Zero, a multifunctional tool for penetration testers, ethical hackers, and tech enthusiasts. With its affordable hardware requirements and flexible firmware, CapibaraZero…
-
Google Open Sources Security Patch Validation Tool for Android
by
in SecurityNews
Google has announced the open source availability of Vanir, a patch validation tool for Android platform developers. The post Google Open Sources Security Patch Validation Tool for Android appeared first on SecurityWeek.
First seen on securityweek.com Jump to article: www.securityweek.com/google-open-sources-security-patch-validation-tool-for-android/
-
Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks
by
in SecurityNews
Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first…
-
8 biggest cybersecurity threats manufacturers face
by
in SecurityNews
Tags: access, ai, apt, attack, authentication, automation, awareness, business, china, cloud, computer, control, cyber, cyberattack, cybercrime, cybersecurity, data, data-breach, ddos, detection, email, encryption, exploit, extortion, firmware, framework, group, Hardware, india, infrastructure, intelligence, international, Internet, iot, iran, lazarus, leak, malicious, malware, monitoring, network, nis-2, north-korea, open-source, password, phishing, ransom, ransomware, regulation, risk, risk-analysis, risk-assessment, russia, service, software, strategy, supply-chain, technology, threat, update, vulnerability, windows
The manufacturing sector’s rapid digital transformation, complex supply chains, and reliance on third-party vendors make for a challenging cyber threat environment for CISOs. Manufacturers, often prime targets for state-sponsored malicious actors and ransomware gangs, face the difficult task of maintaining cost-effective operations while modernizing their network infrastructure. “Many manufacturing systems rely on outdated technology that lacks modern…
-
NSFOCUS’s Coogo: An Automated Penetration Testing Tool
by
in SecurityNews
Tags: attack, cloud, container, cyber, network, open-source, penetration-testing, software, tool, vulnerability
The video above demonstrates an automated penetration test in a simple container escape scenario. In this video, in addition to using NSFOCUS’s open-source cloud-native cyber range software Metarget (for quickly and automatically building vulnerable cloud-native target machine environments), NSFOCUS’s own developed cloud-native attack suite Coogo is also utilized. Today, we will provide a brief introduction… The…
-
CISOs still cautious about adopting autonomous patch management solutions
by
in SecurityNews
Tags: automation, business, cisco, ciso, cloud, control, crowdstrike, cybersecurity, email, exploit, firmware, group, infosec, microsoft, open-source, regulation, risk, software, strategy, technology, update, vulnerability, windows
Failing to patch vulnerabilities keeps biting CISOs. The most recent evidence: Last month, the Five Eyes cybersecurity agencies in the US, the UK, Australia, Canada, and New Zealand reported that the top 15 vulnerabilities routinely exploited last year included one that dated back to 2020 (a Microsoft Netlogon hole); one that dated back to 2021 (in…
-
Latrodectus malware and how to defend against it with Wazuh
by
in SecurityNews
Latrodectus is a versatile malware family that infiltrates systems, steals sensitive data, and evades detection. Learn more from Wazuh about Latrodectus malware and how to defend against it using the open-source XDR.
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/latrodectus-malware-and-how-to-defend-against-it-with-wazuh/
-
The Software Industry Needs Software Bills of Materials – Open Source Will Not Get By Without SBOMs in the Future
by
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/open-source-software-braucht-sbom-a-ab67253f08be1785db87d428f45a297e/
-
Linux Foundation report highlights the true state of open source libraries in production apps
by
in SecurityNews
There are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis…
-
Linux Foundation report highlights the true state of open-source libraries in production apps
by
in SecurityNews
There are many metrics to track the prevalence of open-source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis (SCA)…
-
Security Risks Persist in Open Source Ecosystem
by
in SecurityNews
An analysis by the Linux Foundation, OpenSSF and Harvard University found that there continue to be significant cybersecurity risks in open source software practices.
First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/security-risks-open-source/
-
Oracle’s Java price hikes push CIOs to brew new licensing strategies
by
in SecurityNews
Users could save 50% with open source alternatives, says expert.
First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/oracle_java_cio/
-
SafeLine: Open-source web application firewall (WAF)
by
in SecurityNews
SafeLine is an open-source and self-hosted Web Application Firewall (WAF) that protects websites from cyber attacks. “SafeLine WAF was created to protect web …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/safeline-open-source-web-application-firewall-waf/
-
70% of open-source components are poorly or no longer maintained
by
in SecurityNews
The geographic distribution of open-source contributions introduces geopolitical risks that organizations must urgently consider, especially with rising nation-state attacks, …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/04/open-source-contributions-risks/
-
Discover the future of Linux security
by
in SecurityNews
Explore open source strategies to safeguard critical systems and data.
First seen on theregister.com Jump to article: www.theregister.com/2024/12/02/discover_the_future_of_linux/
-
Nextcloud Talk: Open-source, GDPR-compliant alternative to Microsoft Teams
by
in SecurityNews
Nextcloud has unveiled Nextcloud Talk, an open-source alternative to Microsoft Teams. It’s a privacy-compliant collaboration platform for hybrid teams that gives …
First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/12/03/nextcloud-talk-open-source-microsoft-teams-alternative/