Security News

25% of Americans has lost money to online tax scams, according to McAfee. "As tax season ramps up, so too does cybercriminal activity. What's new this year is the scale and sophistication of scams we're now seeing thanks to artificial intelligence. From AI-generated robocalls with regional accents to very realistic and convincing fake emails, websites, and scam texts, cybercriminals are utilizing all the AI tools available to them, and so too should consumers to stay safe," said Steve Grobman, CTO at McAfee.

When I started digging deeper into the open-source cybersecurity ecosystem, I discovered an engaged community of developers working to find practical solutions to many problems, one of them being saving time. Here are 20 essential open-source cybersecurity tools that are freely available and waiting for you to include them in your arsenal.

Network monitoring tools provide automated network discovery and often also draw up network topology maps. Network device monitoring is often also referred to as network performance monitoring.

While 99% of companies have data protection solutions in place, 78% of cybersecurity leaders admit they've still had sensitive data breached, leaked, or exposed. "Today, data is highly portable. While AI and cloud technologies are igniting new business ventures that allow employees to connect, create, and collaborate, they also make it easier to leak critical corporate data like source code and IP," said Joe Payne, CEO of Code42.

OffSec has released Kali Linux 2024.1, the latest version of its popular penetration testing and digital forensics platform.The new version comes with new tools, a fresh look, a new image viewer for the Gnome desktop and a usability enhancement to the Xfce desktop, and updates for the Kali NetHunter mobile pentesting platform.

Kali Linux has released version 2024.1, the first version of 2024, with four new tools, a theme refresh, and desktop changes. [...]

IAM tools help organizations secure and manage user identities and access to resources, ensuring only authorized individuals gain access. Keycloak adheres to standard protocols such as OpenID Connect, OAuth 2.0 and SAML and provides fine-grained authorization services that support different access control mechanisms like attribute-based access control, role-based access control, user-based access control, rule-based access control and context-based access control.

Microsoft announced that it caught Chinese, Russian, and Iranian hackers using its AI tools-presumably coding tools-to improve their hacking abilities. In collaboration with OpenAI, we are sharing threat intelligence showing detected state affiliated adversaries-tracked as Forest Blizzard, Emerald Sleet, Crimson Sandstorm, Charcoal Typhoon, and Salmon Typhoon-using LLMs to augment cyberoperations.

Digital forensics plays a crucial role in analyzing and addressing cyberattacks, and it's a key component of incident response. Digital forensics provides vital information for auditors, legal teams, and law enforcement agencies in the aftermath of an attack.

As-a-service attacks continue to dominate the threat landscape, with Malware-as-a-Service and Ransomware-as-a-Service tools making up the majority of malicious tools in use by attackers, according to Darktrace. As-a-Service tools can provide attackers with everything from pre-made malware to templates for phishing emails, payment processing systems and even helplines to enable criminals to mount attacks with limited technical knowledge.