Security News

Google has released a new open-source tool called cosign to make it easier to manage the process of signing and verifying container images. Google says all of its distroless images have been signed using the open source tool and that all users of distroless can easily check whether they are using the base image they are looking for.

Agencies in the United States and the United Kingdom on Friday published a joint report providing more details on the activities of the Russian cyberspy group that is believed to be behind the attack on IT management company SolarWinds. The FBI, NSA, CISA and the UK's NCSC say the Russian threat actor tracked as APT29 was behind the SolarWinds attack, which resulted in hundreds of organizations having their systems breached through malicious updates served from compromised SolarWinds systems.

Accurics announced that its open source project Terrascan, which enables teams to detect compliance and security violations across Infrastructure as Code, now integrates with the Argo Project. This integration, coupled with the new Terrascan admission controller feature to enforce CNCF's Open Policy Agent policies across the software development lifecycle, significantly enhances cloud security as developers adopt a GitOps approach.

After developing a tool for testing the security of its own AI systems and assessing them for vulnerabilities, Microsoft has decided to open-source it to help organizations verify that that the algorithms they use are "Robust, reliable, and trustworthy." Counterfit started as a collection of attack scripts written to target individual AI models, but Microsoft turned it into an automation tool to attack multiple AI systems at scale.

As Kubecon Europe gets under way, Red Hat has pushed out StackRox, the Kubernetes security product it acquired earlier this year, as an open-source project which will be the upstream for its Advanced Cluster Security for OpenShift. The StackRox product is itself deployed as a Kubernetes application and has several components, aiming to pick up vulnerabilities in both container images and in Kubernetes, look for misconfigurations such as unnecessarily elevated privileges, perform rule-based threat detection, and more.

Now that you have your Pritunl VPN server up and running, Jack Wallen shows you how to connect the client. In a recent how-to, I walked you through the process of installing the Pritunl VPN server on Ubuntu 20.04.

Snyk announced that Snyk is now integrated into Bitbucket tooling, giving Bitbucket Cloud users rich security insights without having to leave the product. This newest collaboration will surface Snyk's developer-first security solution in the Bitbucket Cloud platform for the first time, empowering all Bitbucket Cloud users to now manage and mitigate their open source risk as part of the development process and throughout Bitbucket workflows.

After just a few months of activity, the operators of Babuk ransomware briefly posted a short message about their intention to quit the extortion business after having achieved their goal. Earlier today, the Babuk ransomware gang said in a message titled "Hello World 2" on their leak site that they had achieved their goal and decided to shut down the operation.

This round follows strong growth in 2020, a rapidly expanding customer base, a thriving open source community, and a massive growth opportunity with containers and cloud. Sysdig significantly expanded the total addressable market beyond container and Kubernetes security to include cloud security with the addition of continuous cloud security posture management in 2021.

Adobe this week announced the open-source availability of 'One-Stop Anomaly Shop', a new tool designed to help security teams discover anomalies in datasets. Building on previous research, white papers, and other projects from Adobe's Security Intelligence Team, OSAS out-of-the-box allows researchers to experiment with datasets, control data processing and feature combining, and help identify a solution for detecting security threats.