Security News

In this video for Help Net Security, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source security in 2022. Open source is everywhere, it's in everything, and everyone is using it.

Developers are increasingly voicing their opinions through their open source projects in active use by thousands of software applications and organizations. While for the longest time open source software has been reliable, community-fuelled, and efficient in that it takes out the need to reinvent the wheel, the recurring cases of voluntary self-sabotage by maintainers have cast doubts on the overall reliability of the ecosystem.

A developer has been caught adding malicious code to a popular open-source package that wiped files on computers located in Russia and Belarus as part of a protest that has enraged many users and raised concerns about the safety of free and open source software. It constantly surprises non-computer people how much critical software is dependent on the whims of random programmers who inconsistently maintain software libraries.

Researchers have exposed a new targeted email campaign aimed at French entities in the construction, real estate, and government sectors that leverages the Chocolatey Windows package manager to deliver a backdoor called Serpent on compromised systems. Enterprise security firm Proofpoint attributed the attacks to a likely advanced threat actor based on the tactics and the victimology patterns observed.

As detailed in a report sent to Bleeping Computer by Security Joes, the threat actors observed in an attack against one of its clients in the gambling/gaming industry where a mix of custom-made and readily available open-source tools were used. The most notable cases are a modified version of Ligolo, a reverse tunneling utility that's freely available for pentesters on GitHub, and a custom tool to dump credentials from LSASS. Attack in the wild.

"Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's developer Sauw Ming noted in an advisory posted on GitHub last month, a scenario that could result in buffer overflows. CVE-2021-43299 - Stack overflow in PJSUA API when calling pjsua player create().

A zero-day vulnerability in open-source Kubernetes development tool Argo lets malicious people steal passwords from git-crypt and other sensitive information by simply uploading a crafted Helm chart. The vuln, tracked as CVE-2022-24438, exists in Argo CD, a widely used open-source continuous delivery tool for Kubernetes.

Target, one of the largest American department store chains and e-commerce retailers, has open sourced 'Merry Maker' - its years-old proprietary scanner for payment card skimming. A skimmer is malicious code injected into shopping sites to steal customers' credit card data at checkout.

The Open Source Security Foundation announced $10 million in funding from a pool of tech and financial companies, including $5 million from Microsoft and Google, to find vulnerabilities in open...

PolKit vulnerability can give attackers root on many Linux distrosA memory corruption vulnerability in PolKit, a component used in major Linux distributions and some Unix-like operating systems, can be easily exploited by local unprivileged users to gain full root privileges. Attackers connect rogue devices to organizations' network with stolen Office 365 credentialsAttackers are trying out a new technique to widen the reach of their phishing campaigns: by using stolen Office 365 credentials, they try to connect rogue Windows devices to the victim organizations' network by registering it with their Azure AD. Stealthy Excel malware putting organizations in crosshairs of ransomware gangsThe HP Wolf Security threat research team identified a wave of attacks utilizing Excel add-in files to spread malware, helping attackers to gain access to targets, and exposing businesses and individuals to data theft and destructive ransomware attacks.