Surge in cyber attacks targeting open source software projects
There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. Rise of next-gen …
open source
Open source tool Infection Monkey allows security pros to test their network like never before
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation (BAS) tool that maps to the MITRE ATT&CK knowledge base and …
PE Tree: Free open source tool for reverse-engineering PE files
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity …
New Open Source Security Foundation wants to improve open source software security
The Linux Foundation announced the formation of the Open Source Security Foundation (OpenSSF), a cross-industry collaboration that brings together leaders to improve the …
Bug in widely used bootloader opens Windows, Linux devices to persistent compromise
A vulnerability (CVE-2020-10713) in the widely used GRUB2 bootloader opens most Linux and Windows systems in use today to persistent compromise, Eclypsium researchers have …
DeimosC2: Open source tool to manage post-exploitation issues
TEAMARES launched DeimosC2, addressing the market need for a cross-compatible, open source Command and Control (C2) tool for managing compromised machines that includes mobile …
REMnux toolkit for malware analysis version 7 released
REMnux is a popular Linux-based toolkit for reverse-engineering malicious software which malware analysts have been relying on for more than 10 years to help them quickly …
A look at modern adversary behavior and the usage of open source tools in the enterprise
Leszek Miś is the founder of Defensive Security, a principal trainer and security researcher with over 15 years of experience. Next week, he’s running an amazing online …
Elasticsearch security: Understand your options and apply best practices
The ever-escalating popularity of Elasticsearch – the distributed open source search and log analytics engine that has become a staple in enterprise application developers’ …
New vulnerabilities in open source packages down 20% compared to last year
New vulnerabilities in open source packages were down 20% compared to last year suggesting security of open source packages and containers are heading in a positive direction, …
2019 was a record year for OSS vulnerabilities
Total vulnerabilities in OSS more than doubled in 2019 from 421 Common Vulnerabilities and Exposures (CVEs) in 2018 to 968 last year, according to a RiskSense report. Top 10 …
Cooking up secure code: A foolproof recipe for open source
The use of open source code in modern software has become nearly ubiquitous. It makes perfect sense: facing ever-increasing pressures to accelerate the rate at which new …
