open source

It’s time for a common sense security framework
Privacy Rights Clearinghouse maintains a database of every data breach made public since 2005, and as the total number of records rapidly approaches one billion, board …

Vulnerability opens FreeRADIUS servers to unauthenticated attackers
A vulnerability in the free, open source FreeRADIUS server could be exploited by remote attackers to bypass authentication via PEAP or TTLS. There is currently no indication …

Critical Samba code execution hole plugged, patch ASAP!
The developers of Samba have plugged a critical remote code execution flaw that could allow a malicious client to upload a shared library to a writable share, and then cause …

WordPress announces bug bounty program
WordPress Foundation is the latest organization to publicly announce a bug bounty program set up on the HackerOne platform. What’s in scope of the WordPress bug bounty …

Google found over 1,000 bugs in 47 open source projects
In the last five months, Google’s OSS-Fuzz program has unearthed over 1,000 bugs in 47 open source software projects, and it’s ready to integrate even more of …

If you downloaded HandBrake for Mac, you could be infected with Proton RAT
A mirror download server of HandBrake, a popular open source video conversion app for Mac, has been compromised, and the legitimate app .dmg file switched with a Trojanized …

Container Health Index: Red Hat’s standard for trusted containers
Red Hat introduced the Container Health Index, which provides a comprehensive image detail of any enterprise container service. The index grades all of Red Hat’s containerized …

SquirrelMail opens users to remote code execution
Users of open source webmail software SquirrelMail are open to remote code execution due to a bug (CVE-2017-7692) discovered independently by two researchers. “If the …

Top-ranked programming Web tutorials introduce vulnerabilities into software
Researchers from several German universities have checked the PHP codebases of over 64,000 projects on GitHub, and found 117 vulnerabilities that they believe have been …

Organizations are not effectively dealing with open source security threats
Black Duck conducts hundreds of open source code audits annually, primarily related to Merger & Acquisition transactions. Its Center for Open Source Research & …

Intel’s CHIPSEC can detect CIA’s OS X rootkit
As details about CIA’s hacking capabilities and tools are, bit by bit, popping to the surface, companies are trying to offer users some piece of mind. In the wake of …

Apache servers under attack through easily exploitable Struts 2 flaw
A critical vulnerability in Apache Struts 2 is being actively and heavily exploited, even though the patch for it has been released on Monday. System administrators are …
Featured news
Resources
Don't miss
- Signal blocks Microsoft Recall from screenshotting conversations
- The hidden gaps in your asset inventory, and how to close them
- CTM360 report: Ransomware exploits trust more than tech
- Lumma Stealer Malware-as-a-Service operation disrupted
- Data-stealing VS Code extensions removed from official Marketplace