Security News

Accurics open source project Terrascan integrates with the Argo Project to enhance cloud security
2021-05-06 00:15

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code, now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF's Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

Counterfit: Open-source tool for testing the security of AI systems
2021-05-05 12:23

After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations verify that the algorithms they use are "Robust, reliable, and trustworthy." Counterfit started as a collection of attack scripts written to target individual AI models, but Microsoft turned it into an automation tool to attack multiple AI systems at scale.

Red Hat open-sources StackRox Kubernetes security product
2021-05-04 18:24

As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift. The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

How to connect a client to the open-source Pritunl VPN
2021-04-30 13:00

Now that you have your Pritunl VPN server up and running, Jack Wallen shows you how to connect the client. In a recent how-to, I walked you through the process of installing the Pritunl VPN server on Ubuntu 20.04.

Snyk enables Bitbucket Cloud users to manage and mitigate their open source risk
2021-04-30 00:30

Snyk announced that it is now integrated into Bitbucket tooling, giving Bitbucket Cloud users rich security insights without having to leave the product. This newest collaboration will surface Snyk's developer-first security solution in the Bitbucket Cloud platform for the first time, empowering all Bitbucket Cloud users to now manage and mitigate their open source risk as part of the development process and throughout Bitbucket workflows.

Babuk ransomware readies 'shut down' post, plans to open source malware
2021-04-29 17:54

After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal. Earlier today, the Babuk ransomware gang said in a message titled "Hello World 2" on their leak site that they had achieved their goal and decided to shut down the operation.

Sysdig raises $188M to invest in continued innovation in its open source foundation
2021-04-28 23:00

This round follows strong growth in 2020, a rapidly expanding customer base, a thriving open source community, and a massive growth opportunity with containers and cloud. Sysdig significantly expanded the total addressable market beyond container and Kubernetes security to include cloud security with the addition of continuous cloud security posture management in 2021.

Adobe Releases Open Source Anomaly Detection Tool "OSAS"
2021-04-27 13:29

Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop', a new tool designed to help security teams discover anomalies in datasets. Building on previous research, white papers, and other projects from Adobe's Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats.

SniperPhish: An all-in-one open-source phishing toolkit
2021-04-26 05:00

SniperPhish is an all-in-one open-source phishing toolkit that pentesters and other security professionals can use for setting up and executing email and web-based spear phishing campaigns. "The idea to develop SniperPhish came to me in a period during which the company I previously worked with did many social engineering assessments. Most of the assessment included phishing campaigns, which means creating and hosting phishing websites and crafting email campaigns. The available tools had certain limitations and were not very effective at simultaneously tracking data from the phishing emails and websites," security consultant Gem George, the tool's creator, told Help Net Security.

How the open source community helped firms investigate their network activity following SolarWinds
2021-04-20 14:45

The open source community delivered vital help to companies affected by the SolarWinds attack. One underappreciated facet of the wide-ranging scandal that has engulfed much of the U.S. government and hundreds of major companies involves the powerful role the open source community played in helping enterprises respond to the crisis, according to Greg Bell, co-founder and CSO of cybersecurity company Corelight.