Security News

A closer look at LATMA, the open-source lateral movement detection tool
2023-12-13 05:00

In this Help Net Security video, Gal Sadeh, Head of Data and Security Research at Silverfort, discusses LATMA, a free, open-source tool. It's engineered with advanced algorithms to track and report any unusual activity within an environment.

ThreatNG open-source datasets aim to improve cybersecurity practices
2023-12-13 04:30

The ThreatNG Governance and Compliance Dataset is an open-source initiative that aims to democratize access to critical data, fostering transparency, collaboration, and improvement of cybersecurity practices globally. The open-source datasets offered by ThreatNG provide an understanding of organizational practices, promoting informed decision-making and accountability within the corporate landscape.

Nemesis: Open-source offensive data enrichment and analytic pipeline
2023-12-12 04:30

Nemesis is a centralized data processing platform that ingests, enriches, and performs analytics on offensive security assessment data. Offensive data is not unified: it's siloed inside specific tools and machines rather than being modeled and analyzed holistically.

Kubescape open-source project adds Vulnerability Exploitability eXchange (VEX) support
2023-12-11 07:57

With its innovative feature for generating reliable Vulnerability Exploitability eXchange documents, Kubescape became the first open-source project to provide this functionality. Vulnerability Exploitability eXchange is a standard that facilitates the sharing and analyzing of information about vulnerabilities and their potential for exploitation.

OpenTofu: Open-source alternative to Terraform
2023-12-07 04:30

OpenTofu is an open-source alternative to Terraform, the widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform's recently announced license change from a Mozilla Public License v2.0 to a Business Source License v1.1, providing everyone with a reliable, open-source alternative under a neutral governance model.

5 open-source tools for pentesting Kubernetes you should check out
2023-12-06 05:00

Kubernetes has become a critical part of the infrastructure for many organizations. With its widespread adoption, Kubernetes environments have also become a target for cyber threats.

Multiple NFT collections at risk by flaw in open-source library
2023-12-05 23:08

A vulnerability in an open-source library that is common across the Web3 space impacts the security of pre-built smart contracts, affecting multiple NFT collections, including Coinbase. "If you used our Solidity SDK to extend our base contract or built a custom contract, we don't believe the vulnerability extends to your contract," explains Thirdweb, adding that this is not a guarantee because they "are unable to audit individual contracts."

SessionProbe: Open-source multi-threaded pentesting tool
2023-12-05 06:00

SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user's session token and checks, for each URL in a list, whether access is possible, highlighting potential authorization issues.

EU lawmakers finalize cyber security rules that panicked open source devs
2023-12-04 06:01

Infosec in brief: The European Union's Parliament and Council have reached an agreement on the Cyber Resilience Act, setting the long-awaited security regulation on a path to final approval and adoption, along with new rules exempting open source software. The CRA was proposed by the European Commission in September 2022 and imposes mandatory cyber security requirements for all hardware and software products - from baby monitors to routers, as the EU Commission put it.

Nitrokey releases NetHSM, a fully open-source hardware security module
2023-11-30 13:17

German company Nitrokey has released NetHSM 1.0, an open-source hardware security module. "Your private keys are kept secure inside the NetHSM, in case of server hacks and the physical compromise of your data center. NetHSM allows you to easily fulfill security compliance requirements," the company says.