Security News

Quicmap is a fast, open-source QUIC service scanner that streamlines the process by eliminating multiple tool requirements. It effectively identifies QUIC services, the protocol version, and the supported ALPNs.

The Mobile Security Framework is an open-source research platform for mobile application security, encompassing Android, iOS, and Windows Mobile. MobSF can be used for mobile app security assessment, penetration testing, malware analysis, and privacy evaluation.

There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. Other providers of open source password solutions are a hybrid between open source and proprietary - their code is based on an open source distribution but has modifications or is packaged in a particular way to make it easier to deploy.

Many wireless headsets using Bluetooth technology have vulnerabilities that may allow malicious individuals to covertly listen in on private conversations, Tarlogic Security researchers have demonstrated last week at RootedCON in Madrid. "Many of the examples presented during the conference were real tests on devices that attendees - most of them cybersecurity experts - were carrying with them," they told Help Net Security.

CloudGrappler is an open-source tool designed to assist security teams in identifying threat actors within their AWS and Azure environments. The tool, built on the foundation of Cado Security's cloudgrep project, offers enhanced detection capabilities based on the tactics, techniques, and procedures of modern cloud threat actors like LUCR-3.

MITRE now offers an open-source version of its Aviation Risk Identification and Assessment software suite, OpenARIA. This initiative is dedicated to enhancing aviation safety and efficiency through the active involvement of the aviation community. The first prototype of ARIA was developed for the Federal Aviation Administration in collaboration with the FAA's Safety and Technical Training service unit Quality Assurance group, and it was introduced in October 2020.

On the government side of things, this includes a voluntary threat intelligence sharing program between the Feds and open source software developers and operators, which the US Cybersecurity and Infrastructure Security Agency will lead. "We want to help foster real-time collaboration around security incidents," CISA director Jen Easterly explained in a keynote address at the agency's Open Source Software Security Summit this week. While it's not exactly new, in 2022 NPM - which bills itself as the world's largest software registry - began requiring maintainers of high-impact projects to use MFA. Last year, NPM developed tools that allow maintainers to automatically generate package provenance and Software Bill of Materials, which allow anyone using the open source packages to trace and verify code dependencies.

Tazama is an open-source platform focused on improving fraud management within digital payment systems. Tazama marks a substantial transformation in the approach to financial monitoring and compliance worldwide.

RiskInDroid is an open-source tool for quantitative risk analysis of Android applications based on machine learning techniques. "A user should be able to quickly assess an application's level of risk by simply glancing at RiskInDroid's output, and they should be able to compare the app's risk with others easily," Gabriel Claudiu Georgiu, developer of RiskInDroid, told Help Net Security.

Python Risk Identification Tool is Microsoft's open-source automation framework that enables security professionals and machine learning engineers to find risks in generative AI systems. It started as a collection of individual scripts used during the team's initial foray into red teaming generative AI systems in 2022.