open source Archives - Page 2 of 5 - Cyber Security Minute

Application Security Firm ForAllSecure Raises $21 Million

Issued by: Security Week

The funding round was co-led by Koch Disruptive Technologies (KDT) and New Enterprise Associates (NEA). Founded a decade ago, ForAllSecure is focused on automating software testing to improve security, and already serves Fortune 1000 companies in sectors such as aerospace, automotive, and high-tech, as well as the US military. Named Mayhem, the company’s autonomous security…

Software Security

Open Source Code: The Next Major Wave of Cyberattacks

Issued by: Dark Reading

Open source software is ubiquitous. It has become an unequaled driver of technological innovation because organizations that use it don’t have to reinvent the wheel for common software components. However, the ubiquity of open source software also presents a significant security risk, as it opens the door for vulnerabilities to be introduced (intentionally or inadvertently)…

Vulnerabilities

Log4j and the Role of SBOMs in Reducing Software Security Risk

Issued by: Dark Reading

Recent high-profile cybersecurity incidents such as the SolarWinds attack and the Apache Log4j vulnerability have exposed the threats associated with the software supply chain. These can range from fairly simple exploits of known vulnerabilities to very sophisticated attacks, sponsored by nation-state actors. The annual spending on enterprise software — also known as commercial off-the-shelf or…

Malware & Threats

JFrog’s New Tools Flag Malicious JavaScript Packages

Issued by: Dark Reading

DevOps security firm JFrog released three open source security tools in response to recent issues with software registry npm to help JavaScript developers detect and prevent the installation of problematic packages. Software supply chain attacks are becoming a big problem in the open source software ecosystem, with attackers sneaking information stealers, keyloggers, and other types…

Software Security

U.S. Government, Tech Giants Discuss Open Source Software Security

Issued by: Security Week

The recent disclosure and exploitation of vulnerabilities affecting the widely used Log4j logging utility have once again highlighted the importance of open source security and software supply chain security. The goal of the White House summit was to identify ways to improve the security of open source software and effectively support the open source community….

Vulnerabilities

Log4Shell is a dumpster fire that should have been avoided

Issued by: Help Net Security

On Thursday, December 9, 2021, my young, Minecraft-addicted kids were still completely oblivious of the Log4j vulnerabilities in their favorite game. Then again, so was every cybersecurity professional in the world. That all changed when the Apache Log4j project announced CVE-2021-44228 (aka Log4Shell) – a zero-day vulnerability in Log4j’s standardized method of handling log files…

Network Security

RPC Firewall Dubbed ‘Ransomware Kill Switch’ Released to Open Source

Issued by: Security Week

Today at Black Hat London, Zero Networks announced the release of its RPC firewall – also dubbed the ‘ransomware kill switch’ – into open source. The tool provides granular control over RPC, capable of blocking the use of lateral movement hacker tools and stopping almost all ransomware in its tracks. Microsoft’s Remote Procedure Call (MS-RPCE)…

Application Security

Password Auditing Tool L0phtCrack Released as Open Source

Issued by: Security Week

First released in 1997, L0phtCrack can be used to test password strength and recover lost Windows passwords via dictionary, brute-force, and other types of attacks. L0phtCrack was originally developed by Peiter Zatko, also known as Mudge, of the L0pht hacker think tank. L0pth then merged with @stake, which was acquired by Symantec in 2004. It…

Vulnerabilities

GitKraken Vulnerability Prompts Action From GitHub, GitLab, Bitbucket

Issued by: Security Week

Discovered in the open source library that the Git GUI client uses for SSH key generation, the issue affects all keys issued using versions 7.6.x, 7.7.x, and 8.0.0 of GitKraken. The security hole was identified in late September and was addressed with the release of GitKraken version 8.0.1. The SSH key generation library was replaced…

Application Security

Google Pledges $1 Million to Secure Open Source Program

Issued by: Security Week

The pilot program financially rewards developers who help improve the security of critical open source projects and is meant to complement existing vulnerability management programs. Committed to boost the security of the open source ecosystem, the Internet search giant recently pledged $100 million in support for projects that aim to fix vulnerabilities in open source…