DataBreaches
Daniela Hurtado reports: Several students’ records were found scattered on the road and sidewalks outside an elementary school in southwest Houston on...
SecurityWeek
CISA details its plan to support the open source software ecosystem and secure the use of open source software within the federal government.
Infosecurity News
Open source enterprise software users presented tools to automate SBOMs during the State of Open Con 23 conference in London
Infosecurity News
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software
ZDNet
The Google Open Source Maintenance Crew will support under-resourced critical open-source products to fix security issues.
SecurityWeek
Proton makes its open source Proton Pass password manager globally available for major browsers and mobile devices.
Security Affairs
The Open Source Security Foundation (OpenSSF) is working on a tool to conduct a dynamic analysis of packages uploaded to popular open-source repositories. The Open Source Security Foundation (OpenSSF) announced the release of the first version of a new tool, dubbed Package Analysis, to perform dynamic analysis of the packages uploaded to popular open-source repositories. […]
Bleeping Computer
Open source solutions allow organizations to customize and adapt their cybersecurity infrastructure to their specific needs. Learn more from @wazuh on building open source cybersecurity infrastructure.
Infosecurity News
The figures come from Synopsys’ new Open Source Security and Risk Analysis report
CyberSecurity Dive
The Open Source Security Foundation called on commercial and non-commercial organizations that use open source software components to adopt better security practices.
CSO
The viability of the Open Worldwide Application Security Project for the modern open-source software landscape has been called into question.
ZDNet
The Linux Foundation and Harvard's Lab for Innovation Science list the most important open-source application libraries.
Infosecurity News
Synopsys report reveals 74% of codebases now contain risky open source components
Latest Hacking News
The famous password management tool Dashlane has now decided to share its mobile app codes publicly. As explained, Dashlane open-sourced its mobile apps (Android and iOS) for increased transparency and enhanced development. Dashlane Open-sourced Mobile Apps As
The Hacker News
Google has announced the creation of a new "Open Source Maintenance Crew" to focus on improving the security of critical open source projects.
Infosecurity News
Applications for joining the Government Cyber Security Advisory Board are now open.
Security Affairs
Threat actors abuse open redirects on Snapchat and American Express to launch phishing attacks against Microsoft 365 users. Attackers abused open redirects on the websites of Snapchat and American Express as part of a phishing campaign targeting Microsoft 365 users. The term Open URL redirection, open redirects, refers to a security issue that makes it […]
SecurityWeek
Google has released its fuzzing framework in open source to boost the ability of developers and researchers to identify vulnerabilities.
Infosecurity News
Nominations are open for the eighth annual Security Serious Unsung Heroes Awards.
CSO
Bloodhound CE will include containerized deployment and REST APIs to help open source users with penetration tests.
SecurityWeek
Good open source and threat intelligence are derived from three core capabilities: Technical signature analysis, threat actor engagement, and open source intelligence research
Infosecurity News
Around $150m in funding will shape future of open source security
SecurityWeek
Concluding a two-day OSS security summit, CISA details key actions to help improve open source software security.
SecurityWeek
The Linux Foundation has announced OpenPubkey, an open source cryptographic protocol that should help boost supply chain security.
Ars Technica
"One of the largest counterfeit-trafficking operations ever."
DarkReading
Open source software dependencies are affecting the software security of different industries in different ways, with mature industries becoming more selective in their open source usage.
Bleeping Computer
Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline.
CyberSecurity Dive
The program follows a surge in supply chain attacks impacting the open source software ecosystem.
SecurityWeek
Google introduces OSV-Scanner, a free scanner to help open source developers identify security flaws in their dependencies.
Infosecurity News
Two open source organizations have revealed attempts to socially engineer project takeovers
Bleeping Computer
The Open Source Security Foundation (OpenSSF), a Linux Foundation-backed initiative has released its first prototype version of the 'Package Analysis' tool that aims to catch and counter malicious attacks on open source registries. the open source tool released on GitHub was able to identify over 200 malicious npm and PyPI packages.
Cyber Security News
Zoom introduced the Open-Source Vulnerability Impact Scoring System. It provides the specification of version 1.0.
SecurityWeek
Google has officially announced the open sourcing of ‘Paranoid’, a project for identifying well-known weaknesses in cryptographic artifacts.
ZDNet
From ethical concerns, a desire for more money, and simple obnoxiousness, a handful of developers are ruining open-source for everyone.
Infosecurity News
New open source project set to reduce operational pain for SecOps analysts
ZDNet
The Assured Open Source Software service provides Google Cloud customers with the same open-source packages that Google uses itself.
Bleeping Computer
Wazuh is a free and open source security platform that provides unified SIEM and XDR protection. It protects workloads across on-premises, virtualized, containerized, and cloud-based environments. Wazuh is one of the fastest growing open source security solutions, with over 10 million downloads per year.
SecurityWeek
Zoom launches an open source Vulnerability Impact Scoring System (VISS) tested within its bug bounty program.
CSO
Protect AI has integrated open source LLM Guard into proprietary AI security capabilities after acquiring Laiyer AI.
The Hacker News
Researchers uncover first-ever open-source software supply chain attacks targeting banks!
Cyber Security News
Cybersecurity researchers at SOCRadar recently reported about an open-source botnet, Supershell, that obtains SSH shell access.
CyberSecurity Dive
Limited investment and slow remediation response continues to challenge open source software.
SecurityWeek
The open source platform Tazama provides cost-effective monitoring of digital financial transactions to prevent fraud in real time.
Infosecurity News
A panel of policy experts discuss how to improve global cooperation around open source software security
Infosecurity News
Checkmarx has identified two distinct open-source software supply chain attacks targeting the financial sector for the first time
The Record
The Senate Homeland Security Committee on Wednesday easily approved legislation to better secure open-source software.
DataBreaches
Simon Sharwood reports: Toyota has admitted to a pair of cyber-attacks. The first hit the European operations of its subsidiary Daihatsu Diesel Company, a...
ZDNet
JavaScript developer Marak Squires wasn't happy about not making money from his open-source libraries, so he deliberately corrupted them, leaving programmers and end-users with dead-in-the-water programs.
SecurityWeek
Several critical and high-severity vulnerabilities have been found in the Open Automation Software Platform, used for connectivity between ICS, databases and apps.
The Hacker News
Wazuh open-source platform combines XDR & SIEM capabilities to protect businesses from evolving threats.
Bleeping Computer
Unknown threat actors have uploaded a total of 144,294 phishing-related packages on the open-source package repositories NuGet, PyPI, and NPM.
CSO
The paid Assured Open Source Software service will offer common open-source packages after vetting the provenance of its code and dependencies.
The Record
Hackers targeted Ukrainian government agencies with a phishing campaign using an open-source program called MerlinAgent, according to the latest research.
DataBreaches
To celebrate Franco-German friendship, German Transport Minister Wissing and his French counterpart Beaune came up with something special: 30,000 free...
CSO
While open source software is the bedrock of modern software development, it is also the weakest link in the software supply chain, according to a report by Endor Labs.
CSO
GitGuardian says its new open-source canary tokens project helps businesses detect breaches as they unfold.
SecurityWeek
Multiple vulnerabilities in Sceiner firmware allow attackers to compromise several smart lock brands and open doors.
SecurityWeek
Data security firm Open Raven has raised $20 million in a Series B funding round that brings the total amount raised by the company to $40 million.
SecurityWeek
OpenSSF introduces the Package Analysis project, a novel effort aimed at securing popular open source packages.
CyberSecurity Dive
Enterprise adoption of open source has not cooled, but flaws have highlighted the need for a better understanding of dependencies.
SecurityWeek
As part of its new Open Source Software Vulnerability Rewards Program (OSS VRP), Google is offering bug bounty payouts of up to $31,337.
Bleeping Computer
Open source software hosting provider Fosshost will no longer be providing services as it reaches end of life. Fosshost project volunteers announced the development this weekend following months of difficulties in reaching the leadership including the CEO.
SecurityWeek
NCC Group security researchers have identified 11 vulnerabilities impacting Nuki smart lock products, including some that allow attackers to open doors.
CSO
It’s easier to find and fix bugs in open-source software, but that's no help if organizations use old, unpatched versions.
CSO
ServiceNow Vulnerability Response users will now have access to Snyk’s product that scans open source code during the development process.
SecurityWeek
CISA and the NSA have published considerations on the benefits and security of implementing an Open Radio Access Network (RAN) architecture.
Bleeping Computer
Google will now pay security researchers to find and report bugs in the latest versions of Google-released open-source software (Google OSS).
The Hacker News
Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
SecurityWeek
Vulnerability in Dormakaba’s Saflok electronic locks allow hackers to forge keycards and open millions of doors.
Ars Technica
"The open in OpenAI means that everyone should benefit from the fruits of AI after it's built."
The Hacker News
Google on Tuesday announced the open source availability of OSV-Scanner, a scanner that aims to offer easy access to vulnerability information about v
SecurityWeek
Google shows how RETVec, a new and open source text vectorizer, can improve the detection of phishing attacks and spam.
The Record
A school district in Pennsylvania kept its doors open on Friday despite announcing a ransomware attack that caused disruptions to its computer systems.
Security Affairs
LogoKit – Threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters in phishing campaigns. Resecurity, Inc. (USA), a Los Angeles-based cybersecurity company providing managed threat detection and response for Fortune 500’s, identified threat actors leveraging Open Redirect Vulnerabilities popular in online services and apps to bypass spam filters […]
The Hacker News
Two major vulnerabilities in open-source CasaOS personal cloud software could allow attackers to gain full control of your system.
SecurityWeek
The CloudGrappler open source tool can detect the presence of known APT threat actors in cloud environments.
The Hacker News
Open source repositories under attack: hackers flood NuGet, NPM, and PyPi with over 144,000 malicious packages
The Hacker News
Google open sources Magika, an AI-powered tool that boosts file type identification accuracy by 30%, helping defenders more easily identify malicious
The Hacker News
A sophisticated North Korean state-sponsored hacker group has been observed weaponizing open-source Software.
ZDNet
A programmer behind the popular open-source npm program node-ipc poisoned it with malware that erased the hard drives of computers located in Russia or Belarus.
Bleeping Computer
Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's 4.20.0 release from this week included another project, SponsorLink, which caused an uproar among open source software consumers, who likened the move to a breach of trust.
SecurityWeek
Israel-based ARMO raises $30 million in a Series A funding round for its open source Kubernetes security platform.
CyberSecurity Dive
Public cloud plays a central role in the modernization of wireless networks. But more open source software, vendors and vulnerabilities could spell trouble.
DataBreaches
The Financial Express reports: The National Telecommunication Monitoring Centre (NTMC) in Bangladesh has exposed a database to the open web. The types of data...
The Hacker News
The OpenSSF project has released a tool that scans popular open-source repositories for malicious packages.
SecurityWeek
Open redirect vulnerabilities in American Express and Snapchat were exploited in phishing attacks for months.
Bleeping Computer
Target, one of the largest American department store chains and e-commerce retailers, has open sourced 'Merry Maker' - its years-old proprietary scanner for payment card skimming.
Bleeping Computer
Microsoft says the North Korean-sponsored Lazarus threat group is trojanizing legitimate open-source software and using it to backdoor organizations in many industry sectors, such as technology, defense, and media entertainment.
Bleeping Computer
Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of code authors.
SecurityWeek
A high-severity vulnerability in the JsonWebToken open source project could be exploited to achieve remote code execution.
SecurityWeek
Microsoft has released an open source tool that can be used to secure MikroTik routers and check for signs of Trickbot malware.
Latest Hacking News
Target has used its Merry-Maker card skimmer scanning tool for over 1 million website scans before releasing it as open source.
The Hacker News
Google security engineer Simon Scannell has found a critical RCE vulnerability in the open source ClamAV antivirus engine.
SecurityWeek
A group of academic researchers have designed an open source Node.js vulnerability hunting tool that has already identified 180 security flaws.
Security Affairs
Experts found multiple flaws, collectively named PixieFail, in the network protocol stack of an open-source reference implementation of the UEFI
Cyber Security News
Open Source Firewall are best known for protecting network from threat by filtering the inbound and out bound traffic and ensure the network security.
Trend Micro
In this blog entry, we discuss how open-source code has been subjected to protest-driven code modifications by its maintainers or backers. We also provide an analysis of what these incidents could mean for the IT industry and the open source community.
Bleeping Computer
A recently uncovered phishing campaign is targeting Microsoft 365 accounts of key executives in U.S.-based organizations by abusing open redirects from the Indeed employment website for job listings.
CyberSecurity Dive
The supply chain attack represents a potential risk to organizations using open source, researchers from SentinelOne and Checkmarx say.
CyberSecurity Dive
Federal agencies put out a request for information Thursday, building on Biden administration priorities to help secure open source post-Log4j.
Loading more articles....