open source

Mobile Security

Issued by: Security Week

Some mobile applications use built-in browsers to allow users to quickly access third-party websites. Other apps include a browser to load their own resources, which may be needed to perform various activities. However, these internal browsers could also pose security and privacy risks. Researcher Felix Krause published a blog post earlier this month claiming that…

Software Security

Issued by: Help Net Security

Scribe Security released Scribe Integrity, a code integrity validator that authenticates open-source and proprietary source code, and an integral building block of its platform solving the software supply chain security challenge. Scribe Integrity provides developers with an added layer of visibility, allowing developers peace of mind that the code they are using is safe. Scribe…

Application Security

Issued by: Security Week

The funding round was co-led by Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA). Founded a decade ago, ForAllSecure is focused on automating software testing to improve security, and already serves Fortune 1000 companies in sectors such as aerospace, automotive, and high-tech, as well as the US military. Named Mayhem, the company’s autonomous security…

Software Security

Issued by: Dark Reading

Open source software is ubiquitous. It has become an unequaled driver of technological innovation because organizations that use it don’t have to reinvent the wheel for common software components. However, the ubiquity of open source software also presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently)…

Vulnerabilities

Issued by: Dark Reading

Recent high-profile cybersecurity incidents such as the SolarWinds attack and the Apache Log4j vulnerability have exposed the threats associated with the software supply chain. These can range from fairly simple exploits of known vulnerabilities to very sophisticated attacks, sponsored by nation-state actors. The annual spending on enterprise software — also known as commercial off-the-shelf or…

Malware & Threats

Issued by: Dark Reading

DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of problematic packages. Software supply chain attacks are becoming a big problem in the open source software ecosystem, with attackers sneaking information stealers, keyloggers, and other types…

Vulnerabilities

Issued by: Help Net Security

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…

Application Security

Issued by: Security Week

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks. L0phtCrack was originally developed by Peiter Zatko, also known as Mudge, of the L0pht hacker think tank. L0pth then merged with @stake, which was acquired by Symantec in 2004. It…