How open source SIEM and XDR tackle evolving threats

October 9, 2024 at 12:11PM Today’s cybersecurity landscape demands advanced solutions like Security Information and Event Management (SIEM) and Extended Detection and Response (XDR) to combat evolving threats. Open-source platforms, such as Wazuh, offer cost-effective, scalable, and customizable security, enabling organizations to enhance threat detection and response through real-time monitoring and automated capabilities. …

Malicious npm Packages Mimicking ‘noblox.js’ Compromise Roblox Developers’ Systems

September 2, 2024 at 12:24AM Developers of Roblox are being targeted by a persistent campaign that uses fake npm packages to compromise systems, mimicking the popular ‘noblox.js’ library. Attackers employ brandjacking and starjacking to give a facade of legitimacy. Malicious packages steal data and deploy malware, with the end goal being to deploy Quasar RAT …

Why LLMs Are Just the Tip of the AI Security Iceberg

August 28, 2024 at 10:03AM The rise of generative AI and large language models brings real security risks, from exposing data to malicious attacks. The rapid adoption of AI introduces new risks, but the opaque nature of AI models makes identifying and managing these risks challenging. Implementing an AI security framework and following key strategies …

Hundreds of LLM Servers Expose Corporate, Health & Other Online Data

August 28, 2024 at 06:05AM Open source large language model (LLM) servers and vector databases are unknowingly leaking sensitive data online. Legit Security researcher Naphtali Deutsch discovered numerous vulnerable open source AI services, including unpatched Flowise servers and unprotected vector databases. The exposed data poses serious security risks, requiring organizations to implement strict access controls …

Critical, Actively Exploited Jenkins RCE Bug Suffers Patch Lag

August 21, 2024 at 10:35AM Jenkins, a widely used automation server, has been plagued by a critical vulnerability, CVE-2024-23897, for seven months, with active exploitation ongoing. The vulnerability, if exploited, can lead to unauthorized file access, cryptographic key exposure, and code execution. Despite a security fix, many users failed to patch their systems, resulting in …

White House Pledges $10 Million for Open Source Initiative

August 16, 2024 at 06:54AM The federal government is investing $11 million in the Open-Source Software Prevalence Initiative (OSSPI) to understand and enhance the security of open-source software used in critical infrastructure. National Cyber Director Harry Coker announced the initiative, aiming to strengthen national cybersecurity and collaborate with the cybersecurity community. The initiative aligns with …

DARPA Announces AI Cyber Challenge Finalists

August 16, 2024 at 06:40AM The DARPA AI Cyber Challenge (AIxCC) semifinal competition at DEF CON 32 last week saw seven teams advance to the finals, each being awarded a $2 million prize. Partnered with ARPA-H, teams worked to secure open-source infrastructure software, with the aim of protecting critical infrastructure. The final competition will take …

DARPA, ARPA-H award $14m to 7 AIxCC semifinalists, with a catch

August 15, 2024 at 03:23PM The DARPA AI Cyber Challenge has narrowed down to seven semifinalists. The contest aimed at developing AI models to enhance open source code security in critical infrastructure. Semifinalists successfully identified and patched vulnerabilities, earning a $2 million prize and a spot in the finals. Finalists must agree to open source …

GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover

August 15, 2024 at 03:21AM A new attack vector named ArtiPACKED exploits GitHub Actions artifacts, potentially compromising repositories and cloud environments. Palo Alto Networks Unit 42 researchers revealed how misconfigurations and security flaws could lead to the leakage of tokens, opening opportunities for malicious actors to compromise services and push rogue code to production. Vulnerable …

Critical AWS Vulnerabilities Allow S3 Attack Bonanza

August 8, 2024 at 08:07AM Aqua Security researchers discovered six critical vulnerabilities in Amazon Web Services (AWS) that could have allowed remote code execution, exfiltration, denial of service attacks, and account takeovers. Attack methods such as “Bucket Monopoly” and “Shadow Resources” were uncovered and reported to AWS, which rolled out mitigations between March and June. …