Security News

The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarely in the US, China, India and Indonesia.

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it...

Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. eBPF is a technology originating from the Linux kernel that allows sandboxed programs to run in a privileged context, such as the operating system kernel.

SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection, network security monitoring, and threat hunting. Since all the data in SELKS is generated by the Suricata engine, it is popular among network security practitioners who explore the capabilities of Suricata IDS/IPS/NSM and analyze the network protocol monitoring logs and alerts it generates.

In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security. Un-vetted open-source tools can certainly reduce system security.

Ghidra, a cutting-edge open-source software reverse engineering framework, is a product of the National Security Agency Research Directorate. The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux.

Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. Cloud-based data storage and analytics company Snowflake has recently stated that attackers have accessed accounts of some of its customers by leveraging compromised credentials.

Many of the underlying open-source projects are unvetted for the purpose of AI. In return for the massive financial benefits corporations receive by leveraging open source in AI, it is in their best interest to contribute towards community efforts and to the foundational security of the open-source components up front. Making deep and lasting positive change for security universally will require collaboration across industry participants, both for ease and financial gain, as well as to avoid the involvement of further oversight by governmental organizations in both the open source and private sectors.

Radare is an open-source UNIX-like reverse engineering framework and command-line toolset. "I started the project in 2006 when I was working as a forensic analyst, and I wrote a simple command-line hexadecimal editor to scan a hard drive looking for keywords and dump the results to disk to recover some files. Over time, the project evolved to meet my diverse requirements, serving as a debugger, a disassembler, and a platform for exploring various architectures. It proved invaluable during CTF competitions, at work, and for personal reverse engineering projects," Sergi Àlvarez, the creator of Radare, told Help Net Security.

Sniffnet is a free, open-source network monitoring tool to help you easily track your Internet traffic. Unlike most network analyzers, Sniffnet is built to be easily usable by everyone, regardless of technical expertise.