Security News

CISA: Most critical open source projects not using memory safe code
2024-06-26 17:56

The U.S. Cybersecurity and Infrastructure Security Agency has published research looking into 172 key open-source projects and whether they are susceptible to memory flaws. The report, cosigned by CISA, the Federal Bureau of Investigation, as well as Australian and Canadian organizations, is a follow-up to the 'Case for Memory Safe Roadmaps' released in December 2023, aimed at raising awareness about the importance of memory-safe code.

Zeek: Open-source network traffic analysis, security monitoring
2024-06-25 04:00

Unlike an active security device such as a firewall, Zeek operates on a versatile 'sensor' that can be a hardware, software, virtual, or cloud platform. This flexibility allows Zeek to quietly monitor network traffic, interpret it, and generate transaction logs, file content, and customized output.

Ollama drama as 'easy-to-exploit' critical flaw found in open source AI server
2024-06-24 20:34

Open-source Rafel RAT steals info, locks Android devices, asks for ransom
2024-06-24 11:37

The open-source Rafel RAT is being leveraged by multiple threat actors to compromise Android devices and, in some cases, to lock them, encrypt their contents, and demand money to restore the device to its original state. Check Point researchers have observed around 120 different malicious campaigns leveraging the malware, hitting devices around the world, but primarily in the US, China, India and Indonesia.

Multiple Threat Actors Deploying Open-Source Rafel RAT to Target Android Devices
2024-06-24 05:04

Multiple threat actors, including cyber espionage groups, are employing an open-source Android remote administration tool called Rafel RAT to meet their operational objectives by masquerading it...

Cilium: Open-source eBPF-based networking, security, observability
2024-06-21 04:00

Cilium is an open-source, cloud-native solution that leverages eBPF technology in the Linux kernel to provide, secure, and monitor network connectivity between workloads. eBPF is a technology originating from the Linux kernel that allows sandboxed programs to run in a privileged context, such as the operating system kernel.

SELKS: Open-source Suricata IDS/IPS, network security monitoring, threat hunting
2024-06-19 04:30

SELKS is a free, open-source, turnkey solution for Suricata-based network intrusion detection and protection, network security monitoring, and threat hunting. Since all the data in SELKS is generated by the Suricata engine, it is popular among network security practitioners who explore the capabilities of Suricata IDS/IPS/NSM and analyze the network protocol monitoring logs and alerts it generates.

Enhancing security through collaboration with the open-source community
2024-06-18 04:30

In this Help Net Security interview, Alan DeKok, CEO at NetworkRADIUS, discusses the need for due diligence in selecting and maintaining open-source tools, and brings out the potential risks and benefits of collaborating with the open-source community to enhance software security. Un-vetted open-source tools can certainly reduce system security.

Ghidra: Open-source software reverse engineering framework
2024-06-17 04:00

Ghidra, a cutting-edge open-source software reverse engineering framework, is a product of the National Security Agency Research Directorate. The framework features high-end software analysis tools, enabling users to analyze compiled code across various platforms, including Windows, macOS, and Linux.

YetiHunter: Open-source threat hunting tool for Snowflake environments
2024-06-14 10:26

Cloud identity protection company Permiso has created YetiHunter, a threat detection and hunting tool companies can use to query their Snowflake environments for evidence of compromise. Cloud-based data storage and analytics company Snowflake has recently stated that attackers have accessed accounts of some of its customers by leveraging compromised credentials.