Security News

The Wazuh open source platform plays a critical role in monitoring Kubernetes and other components of an organization's infrastructure. Kubernetes is an open source container management solution that automates the deployment and scaling of containers and also manages the life cycle of containers.

80% of organizations increased their use of open source software over the last 12 months, according to Perforce Software and the Open Source Initiative. "Clearly, more technical support is needed for open source technologies, as personnel experience and proficiency is highly ranked again this year as a support concern across organizations regardless of size," said Javier Perez, Chief OSS Evangelist at Perforce Software.

Security will always be front of mind for businesses, and open source and its collaborative nature have the power to drive new ways of protecting against evolving security threats. For companies choosing open source, this becomes collaborative, with multiple organizations and individuals having a stake in ensuring that security is kept tight and up to date.

The legitimate command-and-control framework known as Sliver is gaining more traction from threat actors as it emerges as an open source alternative to Cobalt Strike and Metasploit. Sliver, developed by cybersecurity company BishopFox, is a Golang-based cross-platform post-exploitation framework that's designed to be used by security professionals in their red team operations.

Opinion For better or worse, we still need passwords, and to protect and organize them, I recommend the open source Bitwarden password manager. LastPass is perhaps the world's most popular password manager.

The number of open source vulnerabilities that Mend identified and added to its vulnerability database in the first nine months of 2022 was 33 percent greater than the first nine months of 2021, reflecting both the growth in the number of published open-source packages and the acceleration of vulnerabilities. The report's representative sampling through January to September 2022 of approximately 1,000 North American companies found that only 13 percent of vulnerabilities seen were remediated, compared with 40 percent remediated by those using modern application security best practices.

NuGet, PyPi, and npm ecosystems are the target of a new campaign that has resulted in over 144,000 packages being published by unknown threat actors. "The packages were part of a new attack vector, with attackers spamming the open-source ecosystem with packages containing links to phishing campaigns," researchers from Checkmarx and Illustria said in a report published Wednesday.

The weakness was just one recent example of a backdoor in open source software for attackers to sneak malicious code onto developer and end-user systems. If experts identify the software supply as a key security challenge for 2023, the Log4j phenomenon - not to mention the much-better known SolarWinds incursion in 2019 - shed light on how protecting the process could be difficult: A vast amount of commercial software is not written in-house.

After releasing the Open Source Vulnerabilities database in February, Google has launched the OSV-Scanner, a free command line vulnerability scanner that open source developers can use to check for vulnerabilities in their projects' dependencies. Finding vulnerabilities in open-source dependencies.

Unknown threat actors have uploaded a massive 144,294 phishing-related packages on open-source package repositories, inluding NPM, PyPi, and NuGet. The large-scale attack resulted from automation, as the packages were uploaded from accounts using a particular naming scheme, featured similar descriptions, and led to the same cluster of 90 domains that hosted over 65,000 phishing pages.