CISA Outlines Efforts to Secure Open Source Software

March 8, 2024 at 11:03AM

CISA outlined key actions for securing open source software during a two-day security summit with community leaders. Steps include promoting security principles, implementing new security measures, and collaboration efforts. The Rust Foundation and Python Software Foundation announced plans to enhance security for their respective platforms. Additionally, other organizations, such as …

CISA: AWS, Microsoft 365 Accounts Under Active ‘Androxgh0st’ Attack

January 17, 2024 at 01:21PM

The FBI and CISA have issued an alert about a malware campaign targeting Apache webservers and websites using the Laravel Web application framework. The campaign aims to steal credentials for high-profile applications such as AWS, Microsoft 365, Twilio, and SendGrid. The threat actors use a known malware called “Androxgh0st” to …

Aqua Security Introduces Industry-First Kubernetes Vulnerability Scanning With Trivy KBOM

November 6, 2023 at 03:10PM

Aqua Security has announced that its open source solution, Trivy, now includes vulnerability scanning for Kubernetes components. This helps companies understand the security of their Kubernetes environment and reduce risk. Trivy also supports Kubernetes Bill of Materials (KBOM) generation, allowing users to track cluster security changes over time. Aqua will …

Vulnerability Scanning: How Often Should I Scan?

October 19, 2023 at 08:15AM

Organizations are realizing the importance of continuous vulnerability scanning due to the narrow time between vulnerability discovery and exploitation by hackers. One-off or periodic scans provide a point-in-time snapshot of vulnerabilities but may leave businesses exposed to new vulnerabilities. Continuous scanning allows for 24/7 monitoring and faster identification and resolution …