open source
Hijacking of popular ctx and phpass packages reveals open source security gaps
The Python module “ctx” and a fork of the PHP library “phpass” have recently been modified by an unknown attacker to grab AWS credentials/keys and send …
Kali Linux 2022.2 released: Desktop enhancements, tweaks for the terminal, new tools, and more!
Offensive Security has released Kali Linux 2022.2, the latest version of its popular penetration testing and digital forensics platform. Cosmetic changes Kali Linux 2022.2 …
A 10-point plan to improve the security of open source software
The Linux Foundation and the Open Source Software Security Foundation, with input provided by executives from 37 companies and many U.S. government leaders, delivered a …
Nimbuspwn bugs allow attackers to gain root privileges on some Linux machines (CVE-2022-29799, CVE-2022-29800)
Microsoft has unearthed two security vulnerabilities (CVE-2022-29799, CVE-2022-29800) in the networkd-dispatcher daemon that may be exploited by attackers to gain root on many …
Principles for Kubernetes security and good hygiene
Traditional methods of software security are not a good fit for Kubernetes: a renewed set of security implementations are required to make it less vulnerable. What’s …
Ubuntu 22.04 LTS released, delivers enterprise-grade security
Canonical Ubuntu 22.04 LTS is now generally available, featuring significant leaps forward in cloud confidential computing, real-time kernel for industrial applications, and …
The state of open-source software supply chain security in 2022
In this video for Help Net Security, Donald Fischer, CEO at Tidelift, talks about the state of open-source software supply chain security in 2022. Open source is the modern …
Challenges development teams face when building applications with open source
Tidelift released a report providing critical insights into the state and practice of open source software supply chain management. This comprehensive study of nearly 700 …
81% of codebases contain known open source vulnerabilities
Synopsys released a report which examines the results of more than 2,400 audits of commercial and proprietary codebases from merger and acquisition transactions, and …
The state of open source security in 2022
In this video for Help Net Security, Kurt Seifried, Chief Blockchain Officer and Director of Special Projects at Cloud Security Alliance, talks about the state of open source …
What you need to look out for when installing packages from public repositories
In this Help Net Security video, Ax Sharma, Senior Security Researcher at Sonatype, talks about the risks posed by malicious open source packages. Malicious packages can harm …
Cloud-native adoption shifts security responsibility across teams
Styra released a research report which explores how in sync, or misaligned, IT leaders and developers are when it comes to cloud-native technology use and security during …
Featured news
Resources
Don't miss
- Deploying AI at the edge: The security trade-offs and how to manage them
- Cybercrime forums Cracked and Nulled seized, operators arrested
- SimpleHelp RMM vulnerabilities may have been exploited to breach healthcare orgs
- Zscaler CISO on balancing security and user convenience in hybrid work environments
- ExtensionHound: Open-source tool for Chrome extension DNS forensics