Security News

Open-source vulnerability disclosure: Exploitable weak spots
2023-11-09 12:14

Flaws in the vulnerability disclosure process of open-source projects could be exploited by attackers to harvest the information needed to launch attacks before patches are made available, Aqua Security researchers worry. "Half-day" vulnerabilities are known to the maintainer and information about them is publicly exposed on GitHub or the National Vulnerability Database, but there's still no official fix.

Aqua Trivy open-source security scanner now finds Kubernetes security risks
2023-11-08 05:30

The Aqua Trivy open-source scanner now supports vulnerability scanning for Kubernetes components and Kubernetes Bill of Materials generation. Now, companies can better understand the components within their Kubernetes environment and how secure they are to reduce risk.

Kubescape 3.0 elevates open-source Kubernetes security
2023-11-07 05:30

Targeted at the DevSecOps practitioner or platform engineer, Kubescape, the open-source Kubernetes security platform has reached version 3.0. Reporting on the vulnerabilities of all the images in a cluster: This provides a comprehensive view of the security posture of all the images in a cluster and helps organizations prioritize remediation efforts.

Raven: Open-source CI/CD pipeline security scanner
2023-10-27 05:30

Raven is an open-source CI/CD pipeline security scanner that makes hidden risks visible by connecting the dots across vulnerabilities woven throughout the pipeline that, when viewed collectively, reveal a much greater risk than when assessed as one-off CVEs. Raven boosts the ability of security teams to implement secure software development practices, enabling them to work more strategically with DevOps teams while maturing their organization's ASPM capabilities.

Wazuh: Free and open-source XDR and SIEM
2023-10-24 04:00

Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings.

Critical Vulnerabilities Uncovered in Open Source CasaOS Cloud Software
2023-10-17 14:37

Two critical security flaws discovered in the open-source CasaOS personal cloud software could be successfully exploited by attackers to achieve arbitrary code execution and take over susceptible...

Can open source be saved from the EU's Cyber Resilience Act?
2023-10-13 14:45

Opinion When I was in Bilbao recently for the Open Source Summit Europe event, the main topic of conversation was the European Union's Cyber Resilience Act. Why? Because pretty much everyone with an open source clue sees it as strangling open source software development.

The root cause of open-source risk
2023-10-05 03:00

One in eight open-source downloads today poses known and avoidable risks. Only 11% of open-source projects are 'actively maintained'.

Rogue npm Package Deploys Open-Source Rootkit in New Supply Chain Attack
2023-10-04 11:16

A new deceptive package hidden within the npm package registry has been uncovered deploying an open-source rootkit called r77, marking the first time a rogue package has delivered rootkit...

Microsoft Edge, Teams get fixes for zero-days in open-source libraries
2023-10-03 14:54

Microsoft released emergency security updates for Edge, Teams, and Skype to patch two zero-day vulnerabilities in open-source libraries used by the three products. The libwebp library is used by a large number of projects for encoding and decoding images in the WebP format, including modern web browsers like Safari, Mozilla Firefox, Microsoft Edge, Opera, and the native Android web browsers, as well as popular apps like 1Password and Signal.