Open Source News, Articles and Updates

Polymorphic Monero-Mining RETADUP Worm keeps threat detection on its toes

A cryptocurrency-mining worm, written in the same open-source scripting language used to create Windows hotkeys and using polymorphism to vary its own code, is giving conventional threat-detection techniques a run for their money.

How safe are apps built on Open Source? Is security traded for efficiency?

Many enterprises are embracing open source software (OSS) at a fast pace, but do such solutions match up against enterprises' internally developed applications when it comes to security, robustness, maintainability, and efficiency?

21% of serverless applications feature critical vulnerabilities

An audit of 1,000 open-source serverless applications carried out by serverless security company PureSec has revealed that 21 percent of such applications feature critical security vulnerabilities that can be exploited.

Serious DoS flaw spotted in WordPress platform - affects most versions

The vulnerability is so simple that anyone could use it. Security researchers have discovered a flaw in the open source CMS WordPress that would allow an attacker to take down a website with a denial-of-service attack launched from a single machine.

OWASP vulnerability chart suggests web app devs are not smelling the security coffee

The Open Web Application Security Project (OWASP) has just updated the top ten list of web app vulnerabilities for the first time since 2013. Not much has actually changed.

How do we reconcile the open source security risk with GDPR best practice?

GDPR calls for a documented, systematic approach to evaluating your security measures, including how you patch, but patching open source code has its own problems, explain Matthew Jacobs and Daniel Hedley.

Linux kernel bug enabled privilege escalation - fixed after 2 years

A Linux kernel security bug that could have led to privilege escalation has been fixed after two years, once it turned out to be worse than first thought.

Bashware hacking could put 400 million Windows systems at risk

The Bashware technique lets attackers abuse Windows' built-in Linux shell (the Windows Subsystem for Linux) to bypass security software.

Hackers rewrite Jimmy Nukebot malware to change its goals and tasks

The Jimmy Nukebot trojan has been rewritten to be more modular, increasing its flexibility and making static analysis much harder. The rewrite shows the malware adapting to the goals and tasks set for its botnet and being repurposed to take advantage of a new source.

A nine-point blueprint for better Internet of Things security

It's clear that the IoT industry needs to step up, take charge and not place the burden of security at the consumer's door.

Five common enterprise questions about OpenStack security

Travis McPeak lists the top five OpenStack security questions often asked by users and technologists and provides a response to each.

Container Security: The Code You Don't Know About

Mike Pittenger discusses what he believes is the most dangerous code in your application, whether standalone or containerised.

ICYMI: Lizard DDoS; Botnet growth; Qatari breach; Open source flaws; Ransomware surge

The latest In Case You Missed It (ICYMI) looks at the Lizard Squad DDoS, botnet growth, a Qatari bank breached by fascists, hidden open source flaws, and the ransomware surge.

The wave of a wand won't patch the security bug found in ImageMagick

A security bug in ImageMagick, the free open source image processing software, is allowing cyber-criminals to attack vulnerable servers remotely.

Vendors hiding open-source security flaws in commercial software

The use of open source components in commercial software is more common than even vendors are aware of and it's leaving customers open to unpatched flaws.

White House requires agencies to share custom code with open-source community

The White House is to make federal agencies release their custom code to the open-source community.

Open source security: know your code

Adopting open source software isn't a question of "if" anymore, but of "when?" suggests Mike Pittenger.

OpenSSH flaw opens the door to brute force attackers

A flaw in OpenSSH could let attackers bypass limits imposed on password login attempts, to launch brute force attacks and steal credentials.
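As an added example that is not part of the article above, the following script shows the kind of detection a defender would want to have in place against password brute-forcing regardless of whether the per-connection attempt limit holds: it parses sshd "Failed password" lines and flags any source IP that accumulates too many failures within a sliding time window. Counting per source IP rather than per connection means a client that crams many attempts into a single connection, or spreads them over many, is caught either way. The log lines are constructed for illustration, and because syslog timestamps carry no year, the year is assumed to be 2015 for parsing.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample sshd log lines (not real data). The first source makes
# seven failed attempts over one connection (same port) in six seconds; the
# second makes two isolated failures several minutes apart.
SAMPLE_LOG = """\
Jul 22 10:00:01 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:02 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:04 host sshd[1201]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:05 host sshd[1201]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:06 host sshd[1201]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:07 host sshd[1201]: Failed password for root from 203.0.113.5 port 40012 ssh2
Jul 22 10:00:30 host sshd[1300]: Failed password for alice from 198.51.100.7 port 51000 ssh2
Jul 22 10:00:45 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 51002 ssh2
Jul 22 10:05:00 host sshd[1302]: Failed password for bob from 198.51.100.7 port 51010 ssh2
"""

# Matches the standard sshd password-failure message, with or without the
# "invalid user" prefix that sshd adds for unknown account names.
FAILED_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\S+) port (?P<port>\d+) ssh2$"
)


def parse_failures(log_text, year=2015):
    """Return a list of (timestamp, ip, port, user) for each failed password line.
    The year is an assumption because syslog timestamps omit it."""
    events = []
    for line in log_text.splitlines():
        m = FAILED_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        events.append((ts, m["ip"], m["port"], m["user"]))
    return events


def find_brute_force(events, threshold=5, window_seconds=60):
    """Return {ip: (failures, distinct_connections)} for every source IP whose
    failed attempts within some sliding window of window_seconds reach the
    threshold. The count is per source IP, not per connection, so a client that
    packs many attempts into one session is still flagged."""
    by_ip = defaultdict(list)
    for ts, ip, port, _user in events:
        by_ip[ip].append((ts, port))

    flagged = {}
    for ip, items in by_ip.items():
        items.sort()
        start = 0
        for end in range(len(items)):
            # Slide the window start forward until it fits within window_seconds.
            while (items[end][0] - items[start][0]).total_seconds() > window_seconds:
                start += 1
            count = end - start + 1
            if count >= threshold:
                conns = len({port for _, port in items[start:end + 1]})
                best = flagged.get(ip)
                if best is None or count > best[0]:
                    flagged[ip] = (count, conns)
    return flagged


if __name__ == "__main__":
    for ip, (count, conns) in find_brute_force(parse_failures(SAMPLE_LOG)).items():
        print(f"{ip}: {count} failures across {conns} connection(s)")
```

With the defaults (five failures in 60 seconds) only 203.0.113.5 is reported, with all seven failures arriving on one connection; lowering the threshold or widening the window is how you would tune it for a quieter host. In production the same logic would read the live auth log and feed a firewall rule or an alert rather than print.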

Free automated open encryption certification launches in September

Describing itself as the first free and automated certificate authority, Let's Encrypt launches on 14 September.

Will OpenDaylight 'Lithium' release be safe or bipolar?

OpenDaylight's troubles highlight the problems with security in the open source world ahead of Lithium release.

Is commercial open source more secure than proprietary alternatives?

Many IT security professionals are choosing commercial open source solutions for security reasons rather than for economic ones, says Olivier Thierry.

Heartbleed (remediation) has improved open source cybersecurity

The future of computing infrastructure, mobile applications, and personal data protection has been altered by Heartbleed says Joram Borenstein.

Open Heartbleed surgery - securing against further vulnerabilities

David Sandin looks at the implications of using open-source code libraries in vendors' security solutions, and the assumptions that lie behind the Heartbleed bug.

Heartbleed slows down the internet

As Heartbleed slows down the internet, experts say that two-factor authentication may be the way forward to protect our web sessions.