Tag: open-source
-
Critical Vulnerability Found in Zabbix Network Monitoring Tool
in SecurityNews
A critical-severity vulnerability in open source enterprise network monitoring tool Zabbix could lead to full system compromise. The post Critical Vulnerability Found in Zabbix Network Monitoring Tool appeared first on SecurityWeek.
First seen on securityweek.com
Jump to article: www.securityweek.com/critical-vulnerability-found-in-zabbix-network-monitoring-tool/
-
Open source router firmware project OpenWrt ships its own entirely repairable hardware
in SecurityNews
‘Forever unbrickable’ Wi-Fi 6 box from Banana Pi comes packaged or in kit form
First seen on theregister.com
Jump to article: www.theregister.com/2024/12/02/openwrt_one_foss_wifi_router/
-
Check Point discovers typosquatting campaign via PyPI
in SecurityNews
It is important for security professionals to point out the inherent risk associated with open-source components, also in view of the increasing…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/check-point-entdeckt-typosquatting-kampagne-ueber-pypi/a36934/
-
Logpoint comments on XZ Utils vulnerability in the software supply chain
in SecurityNews
Overall, the incident underscores the need for increased attention to the security aspects of open-source software and the…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/logpoint-kommentiert-xz-utils-sicherheitsluecke-in-der-software-supply-chain/a37025/
-
JFrog promotes secure AI development with integration of Databricks MLflow
in SecurityNews
The new JFrog Artifactory integration offers developers and data scientists an open-source software solution for the development of ML models…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/jfrog-foerdert-sichere-ki-entwicklung-mit-integration-von-databricks-mlflow/a37220/
-
Sysdig supports AWS customers in complying with AI policies
in SecurityNews
Sysdig, known for developing Falco, the open-source standard for cloud threat detection, underscores the importance of a rapid…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/sysdig-unterstuetzt-aws-kunden-bei-der-einhaltung-von-ki-richtlinien/a37639/
-
SpaceNet offers new cloud solution based on KVM open-source technology
in SecurityNews
One of SpaceNet's biggest differentiators from hyperscalers is its pronounced service mentality. The integration of a cloud…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/spacenet-bietet-neue-cloud-loesung-auf-basis-der-kvm-open-source-technologie/a37932/
-
Venafi publishes research report on risks of AI-generated and open-source code
in SecurityNews
New Venafi study shows that AI- and open-source-supported development endangers security; many security leaders want AI code…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/venafi-veroeffentlicht-forschungsbericht-ueber-risiken-von-ki-generiertem-und-open-source-code/a38359/
-
Tanium comments on the use of open source software and its dangers
in SecurityNews
In view of increasing cyber threats, a proactive and holistic approach to IT security is essential. Modern security solutions…
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/tanium-kommentiert-de-nutzung-von-open-source-software-und-deren-gefahren/a38641/
-
Can open-source software be secure?
in SecurityNews
First seen on welivesecurity.com
Jump to article: www.welivesecurity.com/de/we-live-progress/kann-open-source-software-sicher-sein/
-
Penetration Testing on MYSQL (Port 3306)
in SecurityNews
MySQL is an open-source Relational Database Management System (RDBMS). It is widely used for managing and organizing data in a structured format, usin…
First seen on hackingarticles.in
Jump to article: www.hackingarticles.in/penetration-testing-on-mysql-port-3306/
-
Solana Program Security Part1
in SecurityNews
Solana is a web-scale, open-source blockchain protocol that is fast, secure, and fully decentralized. The protocol introduces eight core technologies …
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2021/09/15/solana-program-security-part1/
-
GPG Memory Forensics
in SecurityNews
Pretty Good Privacy (PGP) and the open source implementation GNU Privacy Guard (GPG) are encryption solutions following the OpenPGP standard. Even if …
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2022/06/16/gpg-memory-forensics/
-
Presenting zekrom: a library of arithmetization-oriented constructions for zkSNARK circuits. Part 1: arkworks-rs
in SecurityNews
Tags: open-source
zekrom is an open-source library of arithmetization-oriented constructions for zkSNARK circuits. It was created as part of the MSc thesis work of Laur…
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2023/05/30/presenting-zekrom-a-library-of-arithmetization-oriented-constructions-for-zksnark-circuits-part-1-arkworks-rs/
-
Presenting zekrom: A library of arithmetization-oriented constructions for zk-SNARK circuits. Part 2: Halo2
in SecurityNews
Tags: open-source
zekrom is an open-source library of arithmetization-oriented constructions for zkSNARK circuits. It was created as part of the MSc thesis work of Laur…
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2023/07/04/presenting-zekrom-a-library-of-arithmetization-oriented-constructions-for-zk-snark-circuits-part-2-halo2/
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
in SecurityNews
Kudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali…
First seen on research.kudelskisecurity.com
Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
The KyberSlash vulnerability and the crystals-go library: A retrospective story
in SecurityNews
Introduction In this blog post we are going to talk about a security incident which involved an open-source library developed by a student working on
-
The Hidden Dangers in Open Source Libraries: A Closer Look at the Malicious Go Binary Hidden in a PyPI Package
in SecurityNews
First seen on thefinalhop.com
Jump to article: www.thefinalhop.com/the-hidden-dangers-in-open-source-libraries-a-closer-look-at-the-malicious-go-binary-hidden-in-a-pypi-package/
-
CVE-2024-3094: Malicious Code in XZ Utils Enables RCE on Linux Systems
in SecurityNews
A recent analysis has revealed that the malicious code embedded in the widely-used open-source library XZ Utils (present in multiple Linux distros) ca…
First seen on sensorstechforum.com
Jump to article: sensorstechforum.com/cve-2024-3094-xz-utils-linux/
-
Cybercriminals abuse the Godot gaming engine for malicious code attacks
in SecurityNews
The use of the Godot engine by cybercriminals shows how open-source software can be abused for malicious purposes. Attacks like these pose a serious threat to developers and players and highlight the need for security awareness in the gaming industry.
First seen on infopoint-security.de
Jump to article: www.infopoint-security.de/cyberkriminelle-missbrauchen-die-gaming-godot-engine-fuer-schadcode-angriffe/a39105/
-
How video game engines are misused for hacking
in SecurityNews
Check Point Software Technologies has uncovered a new hacker scheme. Using the gaming engine, cybercriminals can attack various operating systems of connected devices, including Windows, macOS, Linux, Android and iOS. The malicious code is distributed by the malware network , which Check Point investigated a few months ago, via the open-source platform GitHub. In […]
First seen on…
-
Popular game script spoofed to infect thousands of game developers
in SecurityNews
A malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious code and has dropped known malware on at least 17,000 machines. Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
Critical Flaw in ProjectSend Under Active Exploitation Against Public-Facing Servers
in SecurityNews
A critical security flaw impacting the ProjectSend open-source file-sharing application has likely come under active exploitation in the wild, according to findings from VulnCheck. The vulnerability, originally patched over a year-and-a-half ago as part of a commit pushed in May 2023, was not officially made available until August 2024 with the release of version r1720.…
-
Why Reachability Analysis is the Next Wave of Innovation for Software Composition Analysis (SCA)
in SecurityNews
The 2024 Open Source Security and Risk Analysis (OSSRA) report by Black Duck Software (ex Synopsys Software Integrity Group) found that 96% of applications contain open-source components, with an average of 526 components per application. Hence, it becomes critical to use a modern Software Composition Analysis (SCA) solution to manage large volumes of open-source components…
-
ProjectSend Authentication Vulnerability Exploited in the Wild
in SecurityNews
ProjectSend, an open-source file-sharing web application, has become a target of active exploitation following the recent assignment of CVE-2024-11680 on November 25, 2024. Despite the availability of a patch for more than a year, adoption rates remain alarmingly low, leaving many instances vulnerable to attack. ProjectSend Authentication Vulnerability ProjectSend is moderately popular, with nearly 1,500…
-
Cybersecurity Alert: MUT-8694 Supply Chain Attack Targets npm and PyPI Ecosystems
in SecurityNews
The open-source ecosystem has once again become the battleground for cybercriminals, as Datadog’s Security Research team uncovered a coordinated supply chain attack by an enigmatic threat actor designated MUT-8694. Leveraging...
First seen on securityonline.info
Jump to article: securityonline.info/cybersecurity-alert-mut-8694-supply-chain-attack-targets-npm-and-pypi-ecosystems/
-
Hottest cybersecurity open-source tools of the month: November 2024
in SecurityNews
This month’s roundup features exceptional open-source cybersecurity tools that are gaining attention for strengthening security across various environments. ScubaGear …
First seen on helpnetsecurity.com
Jump to article: www.helpnetsecurity.com/2024/11/27/open-source-cybersecurity-tools-november-2024/
-
New Sysdig CEO: Focus on Falco, AI and Fast Threat Response
in SecurityNews
New Sysdig CEO Bill Welch Aims to Expand Real-Time Response and GSI Partnerships. New CEO Bill Welch discusses Sysdig’s cloud security strategy, emphasizing AI, open-source leadership with Falco, and expansion plans to serve SMBs and midmarket businesses. He shares goals for real-time response and building a sustainable, profitable company.
First seen on govinfosecurity.com
Jump to…
-
Starbucks operations hit after ransomware attack on supply chain software vendor
in SecurityNews
Tags: ai, attack, ceo, control, crowdstrike, cybersecurity, hacker, monitoring, open-source, privacy, programming, radius, ransomware, risk, risk-assessment, service, software, supply-chain, tool, vulnerability
Starbucks is grappling with operational challenges after a ransomware attack on a third-party software provider, affecting the company’s ability to process employee schedules and payroll, according to Reuters. Last week, Blue Yonder, a UK-based supply chain software vendor serving Starbucks and other retailers, acknowledged experiencing service disruptions due to a ransomware attack. “Blue Yonder experienced disruptions to…