Hot Topics

open source

Linux Kernel 6.8 Released: New Features and Hardware Support

| | AppArmor, KernelCare Enterprise, Linear Address Masking, Linux & Open Source News, linux distros, Linux kernel, linux kernel 6.8, Linux Kernel features, linux kernel patching, Linux Kernel Release Candidate, Linux Kernel Security, linux kernel updates, linux live patching, linux systems, live patching, open source
Linus Torvalds recently announced the release of Linux kernel 6.8, the latest stable version of the Linux kernel. This update brings a plethora of new features and improvements, making it a significant ...
TuxCare
IONIX software supply chain, secure, Checkmarx Abnormal Security cyberattack supply chain cybersecurity

Mitigating Lurking Threats in the Software Supply Chain

| | Code, Cybersecurity, DEVOPS, open source, SBOM, software, threats
The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start ...
Security Boulevard

New SSH-Snake Worm-Like Tool Threatens Network Security

| | Cyber Threats, Cybersecurity, cybersecurity defense strategies, cybersecurity threats, Cybersecurity Weaknesses, enterprise security, Linux & Open Source News, open source, self-modifying worm, SSH malware, ssh private keys, SSH security, SSH-Snake, SSH-Snake malware, SSH-Snake worm, Sysdig Threat Research Team
The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised ...
TuxCare
Pickle overlaying Python code snippet for the fickling tool

Relishing new Fickling features for securing ML systems

| | machine learning, open source, Static Analysis
By Suha S. Hussain We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, ...
Trail of Bits Blog
How we applied advanced fuzzing techniques to cURL

How we applied advanced fuzzing techniques to cURL

| | Application Security, fuzzing, open source
By Shaun Mirani Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
Trail of Bits Blog
Falco Edgio Salt Security APIs, organizations, Open APIs API CIS COVID-19 cybersecurity

CNCF Graduates Falco Project to Improve Linux Security

| | Cloud Security, Cloud-Native Security, CNCF, Falco, Linux, open source
The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated ...
Security Boulevard
Synopsys Aim open source Microsoft data human cybersecurity organizations disaster cybersecurity ransomware HelpSystems human side of cybersecurity

Synopsys Report Exposes Extent of Open Source Software Security Risks

| | codebase, open source, OSS, Software Security, Synopsys
Synopsys found 74% of 1,067 commercial codebases scanned contain open source components impacted by high-risk vulnerabilities ...
Security Boulevard

Several OpenJDK Vulnerabilities Fixed

| | CVE, Debian Linux Security, Denial-of-Service (DoS), Java Secure Chain, java vulnerabilities, KernelCare Enterprise, Linux & Open Source News, linux live patching, linux systems, open source, OpenJDK vulnerabilities, OpenJDK Vulnerability Advisory, Oracle Java SE, SecureChain, security patches, security vulnerabilites
Recently, several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in side channel attacks, leaking of sensitive data to log files, denial of service, or bypass of sandbox ...
TuxCare

Continuously fuzzing Python C extensions

| | fuzzing, open source
By Matt Schwager Deserializing, decoding, and processing untrusted input are telltale signs that your project would benefit from fuzzing. Yes, even Python projects. Fuzzing helps reduce bugs in high-assurance software developed in ...
Trail of Bits Blog
A penguin, running towards us, beak wide open and screaming

Linux Vendors Squawk: PATCH NOW — CVSS 9.8 Bootkit Bug in shim.efi

| | BIOS, CVE-2023-40547, Enterprise Linux and Open Source, Linux, open source, Open Source and Software Supply Chain Risks, open source code, Open Source Community, open source components, open source development, Open Source Ecosystem, SB Blogwatch, secure boot, shim, UEFI, UEFI Failing, UEFI vulnerabilities
Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...
Security Boulevard
Load more