Security News

OpenTofu is an open-source alternative to Terraform's widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 to a Business Source License v1.1, providing everyone with a reliable, open-source alternative under a neutral governance model.

Kubernetes has become a critical part of the infrastructure for many organizations. With its widespread adoption, Kubernetes environments have also become a target for cyber threats.

A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. "If you used our Solidity SDK to extend our base contract or built a custom contract, we don't believe the vulnerability extends to your contract," explains Thirdweb, adding that this is not a guarantee because they "Are unable to audit individual contracts."

SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user's session token and checks for a list of URLs if access is possible, highlighting potential authorization issues.

Infosec in brief The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software. The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module. "Your private keys are kept secure inside the NetHSM, in case of server hacks and the physical compromise of your data center. NetHSM allows you to easily fulfill security compliance requirements," the company says.

Mosint is an automated email OSINT tool written in Go designed to facilitate quick and efficient investigations of target emails. It integrates multiple services, providing security researchers with rapid access to a broad range of information.

Vigil is an open-source security scanner that detects prompt injections, jailbreaks, and other potential threats to Large Language Models. "I've been really excited about the possibilities of LLMs, but have also noticed the need for better security practices around the applications built around them and the data we give the applications access to. This project gave me a great chance to build something at the intersection of AI and cybersecurity. Hopefully it is providing other security researchers and developers a start in experimenting with existing LLM input and output safety measures, and even creating their own. More"whats possible" than anything I'd expect to be used directly in production," Adam M. Swanda, the creator of Vigil, told Help Net Security.

AWS Kill Switch is an open-source incident response tool for quickly locking down AWS accounts and IAM roles during a security incident. "I recently left my role as Sr. Director, Security Engineering at Robinhood and have been using my free time to sharpen my skills as an individual contributor and contribute to open source. I find it stimulating and a great way to build stronger ties with the security community," Jeffrey Lyon, the creator of AWS Kill Switch, told Help Net Security.

Blender has confirmed that recent site outages have been caused by ongoing DDoS attacks that started on Saturday. "Since last Saturday, 18 November, the blender.org servers are under a DDoS attack; bringing down our servers by overloading them with requests," reads the announcement.