Tags: security

Red Team
The Red Team Project uses the same tools, techniques, and procedures used by malicious actors, but in a constructive way to provide feedback and help make open source projects more secure.

New Red Team Project Aims to Help Secure Open Source Software

The Linux Foundation has launched the Red Team Project, which incubates open source cybersecurity tools to support cyber range automation, containerized pentesting utilities, binary risk quantification, and standards validation and advancement. The Red Team Project’s main goal is to make open...

BackBox
BackBox Linux makes penetration testing easy in various environments.

BackBox Linux for Penetration Testing

Any given task can succeed or fail depending upon the tools at hand. For security engineers in particular, building just the right toolkit can make life exponentially easier. Luckily, with open source, you have a wide range of applications and environments at your disposal, ranging from simple...

Open Source Maintainers Want to Reduce Application Security Risk

According to Snyk’s “State of Open Source Security Report 2019,” which surveyed over 500 open source users and maintainers, 30 percent of developers that maintain open source (OS) projects are highly confident in their security knowledge, which is up from 17 percent the year before. In addition,...

PGP
If you write code that goes into public source repositories, you can benefit from the practical PGP guidelines provided in this series.

Protecting Code Integrity with PGP — Part 1: Basic Concepts and Tools

Learn PGP basics and best practices in this series of tutorials from our archives. In this article series, we take an in-depth look at using PGP to ensure the integrity of software. These articles will provide practical guidelines aimed at developers working on free software projects and will...

The URLephant in the Room

Check out this presentation by Emily Stark from the Usenix Enigma 2019 conference. In a security professional’s ideal world, every web user would carefully inspect their browser’s URL bar on every page they visit, verifying that they are accessing the site they intend to be accessing. In reality,...

4 Management Tools for Git Encryption

See how Git-crypt, BlackBox, SOPS, and Transcrypt stack up for storing secrets in Git. There are a lot of great open source tools out there for storing secrets in Git. It can be hard to determine the right one for you and your organization—it depends on your use cases and requirements. To help you...

Runc and CVE-2019-5736

This morning a container escape vulnerability in runc was announced. We wanted to provide some guidance to Kubernetes users to ensure everyone is safe and secure. What Is Runc? Very briefly, runc is the low-level tool which does the heavy lifting of spawning a Linux container. Other tools like...

Kubernetes, Docker, ContainerD Impacted by RunC Container Runtime Bug

The Linux community is dealing with another security flaw, with the latest bug impacting the runC container runtime that underpins Docker, cri-o, containerd, and Kubernetes. The bug, dubbed CVE-2019-5736, allows an infected container to overwrite the host runC binary and gain root-level code access...

Outlaw Shellbot Infects Linux Servers to Mine for Monero

The Outlaw group is conducting an active campaign which is targeting Linux systems in cryptocurrency mining attacks. On Tuesday, the JASK Special Ops research team disclosed additional details (.PDF) of the attack wave which appears to focus on seizing infrastructure resources to support illicit...

Exploiting systemd-journald: Part 1

This is part one in a multipart series (read Part 2 here) on exploiting two vulnerabilities in systemd-journald, which were published by Qualys on January 9th. Specifically, the vulnerabilities were: a user-influenced size passed to alloca(), allowing manipulation of the stack pointer (CVE-2018-...