Security News

Google Releases Open Source Tools and Libraries for Fully Homomorphic Encryption
2021-06-16 13:37

Google this week announced that it has released open source tools and libraries that can be used by developers to implement fully homomorphic encryption. FHE enables the processing of encrypted data without providing access to the actual data.

Open source UChecker tool detects vulnerable libraries on Linux servers
2021-06-16 03:00

CloudLinux announced UChecker, a free open source tool that scans Linux servers for vulnerable libraries that are outdated and being used by other applications. This provides detailed actionable information regarding which application is using which vulnerable library and needs to be updated, which helps improve the security awareness patching process.

Anyscale Ray 1.0: Providing universal serverless compute API and expanded ecosystem of libraries
2020-10-02 00:30

Anyscale announced Ray 1.0, the latest version of the Ray open source project. Ray 1.0, which provides a universal serverless compute API and an expanded ecosystem of libraries, was shared with attendees at the first annual Ray Summit, along with the announcement of the private beta of Anyscale's managed Ray platform.

Open source libraries a big source of application security flaws
2020-05-27 10:27

How many vulnerabilities lurk inside the bazillions of open source libraries that today's developers happily borrow to build their applications? Predictably, the answer is a lot, at least according to application security company Veracode which decided to scan 85,000 applications to see how many flaws it could turn up in the 351,000 libraries used by them.

How secure are open source libraries?
2020-05-21 04:30

Seven in 10 applications have a security flaw in an open source library, highlighting how use of open source can introduce flaws, increase risk, and add to security debt, a Veracode research reveals. An application's attack surface is not limited to its own code and the code of explicitly included libraries, because those libraries have their own dependencies.

Bitcoin Stealers Hide in 700+ Ruby Developer Libraries
2020-04-20 16:23

A legitimate file may be called "Thisisafile.exe," while a malicious impersonator may call itself "This1safile.exe." Unobservant users could thus download the malicious file by mistake. If developers accidentally downloaded the rogue files instead of the legitimate gems they were looking for, the software packages they built using the libraries would automatically harbor the Bitcoin-stealer, endangering all users of that software.

Over 700 Malicious Typosquatted Libraries Found On RubyGems Repository
2020-04-16 05:59

As developers increasingly embrace off-the-shelf software components into their apps and services, threat actors are abusing open-source repositories such as RubyGems to distribute malicious packages, intended to compromise their computers or backdoor software projects they work on. In the latest research shared with The Hacker News, cybersecurity experts at ReversingLabs revealed over 700 malicious gems - packages written in Ruby programming language - that supply chain attackers were caught recently distributing through the RubyGems repository.

Framework Isolates Libraries in Firefox to Improve Security
2020-02-27 13:35

A group of researchers has built a sandbox framework that can improve the security of Firefox by isolating third-party libraries used by the browser. Similar to other major browsers, Firefox relies on third-party libraries to render content - such as audio, video, and images - and these libraries often introduce additional vulnerabilities, researchers from the University of California San Diego, University of Texas at Austin, Stanford University and Mozilla say.

Machine-raiding Python libraries squashed by community
2019-12-05 16:55

Python developers have once again fallen victim to malicious software libraries lurking in their favourite package manager.

Today's Resident Evil: Ransomware crooks think local, not global, prey on schools, towns, libraries, courts, cities...
2019-08-28 23:50

Small governments make up two-thirds of infections observed by infosec bods Ransomware criminals have taken a particular shine to US city and state governments, infecting them with file-scrambling...