open source

Vulnerabilities

Issued by: Help Net Security

Growing reliance on open source libraries leaves many companies vulnerable

Organizations are becoming increasingly dependent on open source libraries (OSLs) to develop code for software and websites. However, Jing Xie, senior threat intelligence researcher for Venafi, warns that the growing reliance on OSLs for software development leaves many companies vulnerable to trust-based attacks. Cybercriminals use trust attacks to maliciously manipulate and insert code into open…

Malware & Threats

Issued by: Help Net Security

Framing supply chain attacks

The increase in the demand for innovative software has effectively reshaped the software development industry itself. Today, speed and agility are paramount and development teams are pushed to deliver highly advanced applications in record time — which means that writing every single line of code from the ground up is often not a sustainable practice….

Vulnerabilities

Issued by: Help Net Security

For recent big data software vulnerabilities, botnets and coin mining are just the beginning

The phrase “with great power comes great responsibility” was excellent advice when Ben Parker said it to his nephew Peter, aka Spiderman. It is even more applicable to any organization using open source software to manage their big data analysis. This is especially true since, in 2018, significant vulnerabilities were identified and disclosed for both…

Software Security

Issued by: Help Net Security

Ubuntu 17.10 brings enhanced security and productivity for developers

Canonical released Ubuntu 17.10 featuring a new GNOME desktop on Wayland, and new versions of KDE, MATE and Budgie. On the cloud, 17.10 brings Kubernetes 1.8 for hyper-elastic container operations, and minimal base images for containers. Enhanced security and productivity for developers The Atom editor and Microsoft Visual Studio Code are emerging as the new wave of…

Network Security

Issued by: Help Net Security

Why end-to-end encryption is about more than just privacy

The question of whether regular people need end-to-end encryption will surely be debated for quite some time. But for Alan Duric, CEO and co-founder of Wire, the question can only have a positive answer. As he told the audience at the FSec security symposium in Varazdin, Croatia, end-to-end encryption is about more than just privacy…

Vulnerabilities

Issued by: Help Net Security

Equifax attackers got in through an Apache Struts flaw?

Have the attackers responsible for the Equifax data breach exploited a vulnerability in Apache Struts, a popular open source framework for developing web applications, to compromise the company’s networks? Equifax has yet to share more details about how the attack was pulled off, but a report by financial services firm Robert W. Baird & Co….