October 12, 2023 at 09:59AM The recently fixed vulnerabilities in the command-line tool curl and the libcurl library require security teams to identify and remediate impacted systems. The vulnerabilities can only be exploited under specific conditions. Organizations should scan their environment using software analysis tools to assess which systems are using curl and libcurl. Additionally, … Read more
October 11, 2023 at 10:07AM Several US government agencies, including CISA, the FBI, the NSA, and the US Department of Treasury, have released new cybersecurity guidance for using open source software (OSS) in operational technology (OT). The guidance aims to promote understanding and best practices for implementing OSS in industrial control systems and other OT … Read more
October 11, 2023 at 08:42AM Protect AI, the maker of Huntr, a bug bounty program for open source software, has licensed three of its AI/ML security tools under the permissive Apache 2.0 terms. The first tool, NB Defense, helps protect machine learning projects in Jupyter Notebooks. The second tool, ModelScan, scans ML models for attacks … Read more