Security News
Fully opening the door to allow people to contribute to - and notably, tinker with - the code for the data-breach information service will be an entirely next-level effort, according to founder Troy Hunt. Since an appropriate buyer didn't turn up, the next plan is to open up the service's code base.
Guardicore unveiled new capabilities for Infection Monkey, its free, open source breach and attack simulation tool that maps to the MITRE ATT&CK knowledge base and tests network adherence to the Forrester Zero Trust framework. Infection Monkey is a self-propagating testing tool that hundreds of information technology teams from across the world use to test network adherence to the zero trust framework, and find weaknesses in their on-premises and cloud-based data centers.
At a Wednesday session at Black Hat USA 2020, researchers with FireEye demonstrated how freely-available, open-source tools - which offer pre-trained natural language processing, computer vision, and speech recognition tools - can be used to create malicious the synthetic media. Social media companies often do not require high bars of credibility, and offer a platform for content to go viral, allowing anyone to create fake media that is believable.
PE Tree, a malware reverse-engineering, open source tool developed by the BlackBerry Research and Intelligence team, has been made available for free to the cybersecurity community. PE Tree allows malware analysts to view Portable Executable files in a tree-view using pefile - a multi-platform Python module that parses and works with PE files - and PyQt5, a module that can be used to create graphical user interfaces.
BlackBerry on Monday announced a new open source tool to help security teams reverse engineer malware. Called PE Tree, BlackBerry said the free tool was initially developed for internal use, but the company has now released it as an additional tool for reverse engineers to have in their arsenal.
The newly formed Open Source Security Foundation includes titans in technology such as Google, Intel, Microsoft, IBM, and more. Today, the creation of the Open Source Security Foundation.
The OpenSSF is a consolidation of several pre-existing efforts in the same space and intends bring the Open Source Security Coalition and the Core Infrastructure Initiative under one roof. The CII is an existing Linux Foundation project that has wide support, including from AWS, Facebook, Huawei, Cisco, Intel, Qualcomm, and VMware, as well as most of the OpenSSF founder members mentioned above.
The Linux Foundation announced the formation of the Open Source Security Foundation, a cross-industry collaboration that brings together leaders to improve the security of open source software by building a broader community with targeted initiatives and best practices. It combines efforts from the Core Infrastructure Initiative, GitHub's Open Source Security Coalition and other open source security work from founding governing board members GitHub, Google, IBM, JPMorgan Chase, Microsoft, NCC Group, OWASP Foundation and Red Hat, among others.
TEAMARES launched DeimosC2, addressing the market need for a cross-compatible, open source Command and Control tool for managing compromised machines that includes mobile support. Offensive security teams often need access to a cost-effective, easy-to-use tool that can manage compromised machines after an exploitation.
Onapsis on Wednesday announced the release of an open source tool that helps organizations determine if their SAP systems are vulnerable to RECON attacks and checks if they may have already been targeted. RECON is the name assigned to a recently disclosed vulnerability - officially tracked as CVE-2020-6287 - that researchers at Onapsis identified in a component used by many SAP products.