Security News

Microsoft Releases Open Source Fuzzing Framework for Azure
2020-09-15 16:17

Microsoft on Tuesday announced the release of Project OneFuzz, an open source fuzzing framework for Azure that the tech giant has been using internally for the past year to find and patch bugs. Project OneFuzz, which Microsoft describes as an extensible fuzz testing framework, is designed to address some of the challenges typically associated with fuzzing, enabling developers to conduct this type of testing themselves and allowing security engineers to focus on other important tasks.

RedCommander: Open source tool for red teaming exercises
2020-09-03 04:00

GuidePoint Security released a new open source tool that enables a red team to easily build out the necessary infrastructure. The RedCommander tool solves a major challenge for red teams around the installation and operationalization of infrastructure by combining automation scripts and other tools into a deployable package.

prpl Foundation prplMesh software stack includes open-source code for both Agent and Controller
2020-08-27 01:30

Prpl Foundation announced the release of its prplMesh software stack, eligible for Wi-Fi Alliance certification as Release 1, for both Agent and Controller. The prplMesh release includes open-source code for both Agent and Controller, providing a complete EasyMesh network.

GrammaTech Releases Open Source API Security Tool
2020-08-26 15:31

Application security testing company GrammaTech announced on Wednesday that it has released an open source tool designed to detect API usage errors. The tool, named SWAP Detector, was developed as part of a research project sponsored by the U.S. Department of Homeland Security and GrammaTech says it can be highly useful for DevOps application security testing.

Swap Detector: Open source tool for detecting API usage errors
2020-08-26 12:55

GrammaTech has released Swap Detector, an open source tool that enables developers and DevOps teams to identify errors due to swapped function arguments, which can also be present in deployed code. API usage errors are a common source of security and reliability vulnerabilities.

Adobe Open Sources Tool for Sanitizing Logs, Detecting Exposed Credentials
2020-08-21 13:41

Adobe has made available in open source a tool designed to identify randomly generated strings in any plain text. Dubbed Stringlifier, the tool was written in Python and leverages machine learning to differentiate random character sequences from normal text sequences.

Terrascan open source software helps developers build secure cloud infrastructure
2020-08-18 04:30

Accurics unveiled a major upgrade to Terrascan, the open source static code analyzer that enables developers to build secure infrastructure as code. The new Terrascan architecture leverages the Open Policy Agent engine from CNCF, which dramatically simplifies policy definition for developers that want to create custom policies as well as provides over 500 out-of-the-box policies for the CIS Benchmark.

Week in review: vBulletin 0-day, open source projects under attack, critical security updates galore
2020-08-16 11:15

Intel, SAP, and Citrix release critical security updates: August 2020 Patch Tuesday was expectedly observed by Microsoft and Adobe, but many other software firms decided to push out security updates as well. Exploits for vBulletin zero-day released, attacks are ongoing: The fix for CVE-2019-16759, a remote code execution vulnerability in vBulletin that was patched in September 2019, is incomplete, security researcher Amir Etemadieh has discovered.

Surge in cyber attacks targeting open source software projects
2020-08-13 04:30

There has been a massive 430% surge in next generation cyber attacks aimed at actively infiltrating open source software supply chains, Sonatype has found. The difference between "Next generation" and "Legacy" software supply chain attacks is simple but important: next generation attacks like Octopus Scanner and electron-native-notify are strategic and involve bad actors intentionally targeting and surreptitiously compromising "Upstream" open source projects so they can subsequently exploit vulnerabilities when they inevitably flow "Downstream" into the wild.

Facebook Open Sources Analysis Tool for Python Code
2020-08-11 03:30

Facebook has announced the availability of Pysa, an open-source tool designed for the static analysis of Python code. The security-focused tool relies on Pyre, Facebook's type checker for Python, and allows for the analysis of how data flows through code.