48 Malicious npm Packages Found Deploying Reverse Shells on Developer Systems

November 3, 2023 at 09:42AM

48 malicious npm packages containing obfuscated JavaScript have been discovered in the npm repository. These packages, uploaded by an npm user named hktalent, can deploy a reverse shell on compromised systems. The attack is triggered post-installation, establishing a reverse shell to rsh.51pwn[.]com. This highlights the increasing interest of threat actors …

Decentralized Matrix messaging network says it has 115M users

October 24, 2023 at 12:47PM

The Matrix open standard and communication protocol has released its second major version, which brings group VoIP with end-to-end encryption, faster loading times, and more. The protocol has experienced significant growth, with over 115 million unique Matrix IDs on the public network. Matrix 2.0 also introduces features like Sliding Sync …

Open-Source Security Agents Promise Greater Simplicity, Flexibility

October 19, 2023 at 08:13AM

Some security startups are building ecosystems around the open-source security agent osquery to reduce reliance on proprietary software and customize IT monitoring and security. Companies like Fleet, Wazuh, Kolide, Zentral, and Uptycs use or integrate with osquery to provide universal endpoint monitoring. The recent update by Fleet allows the agents …

Can open source be saved from the EU’s Cyber Resilience Act?

October 13, 2023 at 10:49AM

The European Union’s Cyber Resilience Act (CRA) is causing concern among the open source community. The Act, aimed at addressing cybersecurity issues, imposes strict regulations on software publishers, potentially hindering open source development. The open source community is advocating for more flexibility in the regulations and better understanding of how …

Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure

October 13, 2023 at 06:18AM

Dozens of vulnerabilities in the Squid caching and forwarding web proxy, discovered in 2021 by researcher Joshua Rogers, remain unpatched. Only a few flaws have been addressed, while 35 vulnerabilities still exist. The Squid Team lacks resources to address the issues, and the researcher suggests reassessing the use of Squid …

Squid games: 35 security holes still unpatched in proxy after 2 years, now public

October 12, 2023 at 08:26PM

35 vulnerabilities in the Squid caching proxy remain unfixed after more than two years, according to the person who reported them. The researcher found 55 flaws in Squid’s source code, but only 20 have been fixed. The remaining vulnerabilities do not have patches or workarounds, and some have not been …