Security News
Elastic announces new updates across the Elastic Security solution in its 7.13 release to broaden support for osquery, the open source host instrumentation framework, with a new host management integration for Elastic Agent and unified analysis of osquery host data. The osquery host management integration, now in beta, enables security teams to use osquery results to address cyber threats without the complexity or cost of a separate management layer.
You don't want that, which is why you should employ a tool like MOSH. MOSH stands for Mobile Shell and makes it possible for you to keep a persistent SSH connection, even if you change networks or your connection momentarily drops. Under the hood, MOSH logs the user in via SSH and then starts a connection on a UDP port between 60000 and 61000 to keep the connection persistent.
Yor is an open-source tool from Palo Alto Networks that automatically tags cloud resources within infrastructure as code frameworks such as Terraform, CloudFormation, Kubernetes, and Serverless Framework. Yor helps security teams trace a security misconfiguration from code to cloud, automates the tedious work of manually tagging cloud resources, and enables highly effective GitOps across all major cloud providers.
Automated testing and rapid deployment are critical to defending against vulnerabilities in open source software, said David Wheeler, director of Open Source Supply Chain Security at the Linux Foundation. Wheeler referenced a 2021 report by software security and IoT company Synopsys which said there are an average of 528 open source components per application, that 84 per cent of codebases have at least one vulnerability, and the average number of vulnerabilities per codebase is 158.
"You only want to learn the larger patterns in the data, and so what differential privacy is doing is adding some noise to hide those smaller patterns that you didn't want to know anyway," Bird explained. Others reach out to the SmartNoise team on GitHub, which has led to a more formal early adoption programme where Microsoft is helping organisations like Humana and the Educational Results Partnership build differential privacy into research programmes looking at health and education data.
Microsoft this week announced the availability of SimuLand, an open source tool that enables security researchers to reproduce attack techniques in lab environments. The purpose of SimuLand, Microsoft says, is to help understand the behavior and functionality of threat actors' tradecraft, to find mitigations and validate existing detection capabilities, and to identify and share data sources relevant to adversary detection.
Commentary: It's progress that President Biden's executive order recognizes the need to secure open source software. Writing at that time, Recordon said, "The pandemic and ongoing cyber security attacks present new challenges for the entire Executive Office of the President." Fast forward to May 2021, and President Biden issued an executive order on improving the nation's cybersecurity, with Recordon's open source fingers all over the document.
Enterprises have a deep appreciation for the value of open source software, with 100% of the information technology decision-makers in a recent survey saying that "Using open source provides benefits for their organization." The survey of 200 IT decision-makers was conducted by Vanson Bourne. Use of open source software increasing among enterprises.
Google has released a new open-source tool called cosign to make it easier to manage the process of signing and verifying container images. Google says all of its distroless images have been signed using the open source tool and that all users of distroless can easily check whether they are using the base image they are looking for.
Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The FBI, NSA, CISA and the UK's NCSC say the Russian threat actor tracked as APT29 was behind the SolarWinds attack, which resulted in hundreds of organizations having their systems breached through malicious updates served from compromised SolarWinds systems.