Security News

5 open source Burp Suite penetration testing extensions you should check out
2023-03-01 06:00

Among these tools, Burp Suite stands out as one of the most popular and widely used options among security professionals and enthusiasts alike. Here's a collection of Burp Suite extensions to make it even better.

The potential pitfalls of open source management
2023-02-23 04:00

The findings of the report deliver an in-depth look at the current state of open source security, compliance, licensing, and code quality risks in commercial software with the goal of helping security, legal, risk, and development teams better understand the open source security and license risk landscape. "An increase in the average number of open source components rising 13% in this year's audits further reinforces the importance of implementing a comprehensive SBOM that lists all open source components in your applications, their licenses, versions, and patch status. This is a foundational strategy towards understanding and reducing business risk by defending against software supply chain attacks," Schmitt continued.

Open source software has its perks, but supply chain risks can't be ignored
2023-02-22 12:46

Analysis: Open source components play an increasingly central role in the software development scene, proving to be a boon in a time of continuous integration and deployment, DevOps, and daily software updates. In a report last year, silicon design automation outfit Synopsys found that 97 percent of codebases in 2021 contained open source, and that in four of 17 industries studied - computer hardware and chips, cybersecurity, energy and clean tech, and the Internet of Things - open source software was in 100 percent of audited codebases.

Critical RCE Vulnerability Discovered in ClamAV Open-Source Antivirus Software
2023-02-17 05:46

Cisco has rolled out security updates to address a critical flaw reported in the ClamAV open source antivirus engine that could lead to remote code execution on susceptible devices. "This vulnerability is due to a missing buffer size check that may result in a heap buffer overflow write," Cisco Talos said in an advisory.

Google boosts bounties for open source flaws found via fuzzing
2023-02-01 23:01

Google sweetened the potential pot to $30,000 for bug hunters in its open source OSS-Fuzz code testing project. On Wednesday, Google increased bounties for fuzzing coverage projects, and added rewards for some FuzzBench integrations.

Auditing Kubernetes with Open Source SIEM and XDR
2023-02-01 10:26

The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers.

Open source skills continue to be in high demand
2023-01-27 04:30

80% of organizations increased their use of open source software over the last 12 months, according to Perforce Software and the Open Source Initiative. "Clearly, more technical support is needed for open source technologies, as personnel experience and proficiency is highly ranked again this year as a support concern across organizations regardless of size," said Javier Perez, Chief OSS Evangelist at Perforce Software.

How businesses can bolster their cybersecurity defenses with open source
2023-01-26 05:30

Security will always be front of mind for businesses, and open source and its collaborative nature have the power to drive new ways of protecting against evolving security threats. For companies choosing open source, this becomes collaborative, with multiple organizations and individuals having a stake in ensuring that security is kept tight and up to date.

Threat Actors Turn to Sliver as Open Source Alternative to Popular C2 Frameworks
2023-01-23 09:54

The legitimate command-and-control framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that's designed to be used by security professionals in their red team operations.

For password protection, dump LastPass for open source Bitwarden
2023-01-16 11:30

Opinion: For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager. LastPass is perhaps the world's most popular password manager.