Security News

The issue was discovered by Federico Andres Lois while reviewing the tweet recommendation engine that's said to power Twitter's For You timeline. According to Lois's study of the engine bug he found, coordinated efforts to unfollow, mute, block and/or report a targeted user applies global reputation penalties to the account that are practically impossible to overcome based on how Twitter's recommendation algorithm treats negative actions.

In this Help Net Security interview, Kevin Muller, CEO at Passbolt, delves into the critical concerns linked to password usage, outlines how the Passbolt password manager guarantees the utmost level of security for businesses, highlights its features in the competitive landscape, sheds light on how Passbolt meets the distinct requirements of teams and organizations, and more. Passbolt is developed using proven security standards like OpenPGP and complies with security auditing standards such as SOC2 Type II. All of our security practices meet or exceed industry standards.

Twitter announced on Friday that it's open-sourcing the code behind the recommendation algorithm the platform uses to select the contents of the users' For You timeline. "Today's release also does not include the code that powers our ad recommendations. We also took additional steps to ensure that user safety and privacy would be protected, including our decision not to release training data or model weights associated with the Twitter algorithm at this point."

OpenAI says a Redis client open-source library bug was behind Monday's ChatGPT outage and data leak, where users saw other users' personal information and chat queries.OpenAI took ChatGPT offline to investigate an issue but did not provide details as to what caused the outage.

Nord Security has released the source code of its Linux NordVPN client and associated networking libraries in the hopes of being more transparent and easing users' security and privacy concerns. As part of this announcement, NordVPN released the source code for its Linux applications and two libraries - Libtelio and Libdrop.

Cloud workload security is a practice that ensures all cloud workloads are adequately monitored and protected. Cloud security solutions assist in protecting against threats targeting cloud infrastructure thereby lowering risk, improving application reliability, and ensuring regulatory compliance.

Attackers can create components with names that resemble those of legitimate open-source or system components. Relying on an immature component or project can pose significant operational risks.

Among these tools, Burp Suite stands out as one of the most popular and widely used options among security professionals and enthusiasts alike. Here's a collection of Burp Suite extensions to make it even better.

The findings of the report deliver an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software with the goal of helping security, legal, risk, and development teams better understand the open source security and license risk landscape. "An increase in the average number of open source components rising 13% in this year's audits further reinforces the importance of implementing a comprehensive SBOM that lists all open source components in your applications their licenses, versions, and patch status. This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks," Schmitt continued.

Analysis Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four of 17 industries studied - computer hardware and chips, cybersecurity, energy and clean tech, and the Internet of Things - open source software was in 100 percent of audited codebases.