Security News

8 open-source OSINT tools you should try
2023-08-22 03:00

Open-Source Intelligence refers to gathering, assessing, and interpreting public information to address specific intelligence queries. The OWASP Amass project performs network mapping of attack surfaces and external asset discovery using open-source information gathering and active reconnaissance techniques.

At Black Hat, Splunk, AWS, IBM Security and Others Launch Open Source Cybersecurity Framework
2023-08-14 22:46

A consortium led by Splunk and AWS are hoping to fix this by standardizing how events are noted in logs, reducing the burden on security teams to decipher alerts they receive from multiple tools and vendors. Last week at Black Hat, security vendor Splunk announced the general availability of the Open Cybersecurity Schema Framework.

Hackers use open source Merlin post-exploitation toolkit in attacks
2023-08-09 21:32

Ukraine is warning of a wave of attacks targeting state organizations using 'Merlin,' an open-source post-exploitation and command and control framework. Merlin is a Go-based cross-platform post-exploitation toolkit available for free via GitHub, offering extensive documentation for security professionals to use in red team exercises.

Popular open source project Moq criticized for quietly collecting data
2023-08-09 17:42

Open source project Moq (pronounced "Mock") has drawn sharp criticism for quietly including a controversial dependency in its latest release. Moq's 4.20.0 release from this week included another...

SandboxAQ launches open-source meta-library of cryptographic algorithms
2023-08-09 02:30

SandboxAQ launched Sandwich, an open-source framework that simplifies modern cryptography management and enables developers to steer their organizations towards cryptographic agility. With a unified API, Sandwich empowers developers to embed the cryptographic algorithms of their choice directly into their applications and change them as technologies and threats evolve - without rewriting code.

Enhancing Security Operations Using Wazuh: Open Source XDR and SIEM
2023-08-07 10:30

Wazuh is an open source unified XDR and SIEM platform that helps organizations monitor, detect, and respond to security threats and compliance issues across their IT infrastructure. Wazuh extends its capabilities by integrating with several security platforms.

Assess multi-cloud security with the open-source CNAPPgoat project
2023-08-03 04:30

Ermetic released CNAPPgoat, an open-source project that allows organizations to test their cloud security skills, processes, tools, and posture in interactive sandbox environments that are easy to deploy and destroy. CNAPPgoat supports AWS, Azure, and GCP platforms for assessing the security capabilities included in Cloud Native Application Protection Platforms.

Open-source penetration testing tool BloodHound CE released
2023-08-02 03:30

SpecterOps released version 5.0 of BloodHound Community Edition, a free and open-source penetration testing solution that maps attack paths in Microsoft Active Directory and Azure environments. "The way that BloodHound Community Edition maps out Attack Paths in AD and Azure is unique - there isn't another tool that can find hidden and unintentional relationships to identify complex Attack Paths that attackers can exploit. After this update, the tool will offer a user experience closer to an enterprise-grade product than an open-source tool," Andy Robbins, co-creator of BloodHound and a Principal Product Architect at SpecterOps, told Help Net Security.

Open-source security challenges and complexities
2023-07-31 03:30

Open source refers to software or technology that is made available to the public with its source code openly accessible, editable, and distributable. In other words, the source code contains the underlying programming instructions and is freely available for anyone to view, modify, enhance, and share.

Banking Sector Targeted in Open-Source Software Supply Chain Attacks
2023-07-24 07:24

Cybersecurity researchers said they have discovered what they say is the first open-source software supply chain attacks specifically targeting the banking sector. "These attacks showcased advanced techniques, including targeting specific components in web assets of the victim bank by attaching malicious functionalities to it," Checkmarx said in a report published last week.