%term

Discovered new BYOF technique to cryptomining with PRoot

Dec 5, 2022 By Biagio Dipalma In Sysdig

The Sysdig Threat Research Team (TRT) recently discovered threat actors leveraging an open source tool called PRoot to expand the scope of their operations to multiple Linux distributions and simplify their necessary efforts. Typically, the scope of an attack is limited by the varying configurations of each Linux distribution. Enter PRoot, an open source tool that provides an attacker with a consistent operational environment across different Linux distributions, such as Ubuntu, Fedora, and Alpine.

Read Post

Sysdig

Read more about Discovered new BYOF technique to cryptomining with PRoot

Shift-Left Testing and Its Benefits

Nov 30, 2022 By Patricia Johnson In Mend

Testing practices have been shifting left in the software development process due to the growing challenge of developing and delivering high-quality, secure software at today’s competitive pace. Agile methodologies and the DevOps approach were created to address these needs. In this post, we’ll map out the basics of shift-left practices in the DevOps pipeline and discuss how to shift left your open source security and compliance testing. Contents hide 1 What does shift left mean?

Read Post

Mend

Read more about Shift-Left Testing and Its Benefits

Adventures in Open Source: A conversation about the journey and lessons learned

Nov 29, 2022 By LimaCharlie In LimaCharlie

Open source as a philosophy was born alongside the Internet at a time when the world was much more optimistic. The naysayers said it couldn’t be done, that it wasn’t secure, and that it was just a matter of time before all these projects failed. Fast forward 30-40 years and the open source ecosystem is thriving. Linux runs on the top 500 super computers in the world, almost 95% of the world’s servers, and 85% of all smart phones.

View Video

LimaCharlie

Read more about Adventures in Open Source: A conversation about the journey and lessons learned

Project Pyrsia: Securing the OSS Supply Chain

Nov 22, 2022 By JFrog In JFrog

In this video, learn the mission of Project Pyrsia, how it aids in securing the #softwaresupplychain and why it matters—from project partners at JFrog, DeployHub, and Oracle!

View Video

JFrog

Read more about Project Pyrsia: Securing the OSS Supply Chain

The future of cyber threat prevention lies in open security

Nov 10, 2022 By Jake King In Elastic

For far too long, the cybersecurity industry has subscribed to a flawed methodology — one that is based on the notion that organizations can avoid security threats through obscurity and secrecy. The assumption is that keeping security controls and processes covert makes products and data inherently more secure against cyber threats within the networks we defend. However, even the most sophisticated cybersecurity defenses are no match for well-funded, highly motivated adversaries.

Read Post

Elastic

Read more about The future of cyber threat prevention lies in open security

Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Nov 10, 2022 By Daniella Pontes In Sysdig

The awaited OpenSSL 3.0.7 patch was released on Nov. 1. The OpenSSL Project team announced two HIGH severity vulnerabilities (CVE-2022-3602, CVE-2022-3786), which affect all OpenSSL v3 versions up to 3.0.6. These vulnerabilities are remediated in version 3.0.7, which was released Nov. 1. The vulnerabilities fixed include two stack-based buffer overflows in the name constraint checking portion of X.509 certificate verification.

Read Post

Sysdig

Read more about Using Sysdig Secure to Detect and Prioritize Mitigation of CVE 2022-3602 & CVE 2022-3786: OpenSSL 3.0.7

Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022

Nov 7, 2022 By Sudhindra Rao In JFrog

I was super excited to be at Kubecon+CloudNativeCon this year. Kubecon has managed to build a great community that goes beyond Kubernetes and has been a good catalyst in bringing together people passionate about OpenSource. Kubecon also has attracted a lot of interest due to the quality of sessions, the number of co-located events, and the opportunity to connect with peers, partners and friends.

Read Post

JFrog

Read more about Supply Chain Security for Open Source: Pyrsia at CD Summit and KubeCon 2022

Open source cybersecurity tools

Nov 3, 2022 By Christopher Luft In LimaCharlie

At LimaCharlie, we believe that open-source tools have a crucial role to play in the security industry. This conviction stems, in part, from our company history: LimaCharlie started out as an open-source endpoint detection and response (EDR) project. But beyond that, we think that the future of cybersecurity will be marked by the values of open-source tech; by a trend towards greater openness and transparency.

Read Post

LimaCharlie

Read more about Open source cybersecurity tools

Network Detection and Incident Response with Open Source Tools

Nov 2, 2022 By Corelight In Corelight

When conducting incident response, EDR and firewall technologies can only show you so much. The breadth of network traffic provides an unrivalled source of evidence and visibility. Open-source security technologies such as Zeek, Suricata, and Elastic can deliver powerful network detection and response capabilities, furthermore the global communities behind these tools can also serve as a force multiplier for security teams, often accelerating response times to zero-day exploits via community-driven intel sharing.

View Video

Corelight

Read more about Network Detection and Incident Response with Open Source Tools

Pyrsia OSS Project

Oct 28, 2022 By JFrog In JFrog

Meet our partner experts and learn more about how JFrog's Pyrsia project (the decentralized package network) works hard to secure the #softwaresupplychain! Learn more at https://pyrsia.io/.
#DevOps #DevSecOps

View Video