Google Launches GUAC Open Source Project to Secure Software Supply Chain
Google on Thursday announced that it's seeking contributors to a new open source initiative called Graph for Understanding Artifact Composition, also known as GUAC, as part of its ongoing efforts to beef up the software supply chain. "GUAC addresses a need created by the burgeoning efforts across the ecosystem to generate software build, security, and dependency metadata," …
NullMixer simulates pirated software and delivers malware
Downloading pirated software is always a lottery: some get lucky, others less so, and the user might end up losing even more money than they'd pay for a license. We've already talked a lot about various types of malware that hide under the guise of pirated games and spread through torrents. Recently, our researchers published a new study of the NullMixer dropper — another widespread …
Hackers Targeting VoIP Servers By Exploiting Digium Phone Software
VoIP phones using Digium's software have been targeted to drop a web shell on their servers as part of an attack campaign designed to exfiltrate data by downloading and executing additional payloads. "The malware installs multilayer obfuscated PHP backdoors to the web server's file system, downloads new payloads for execution, and schedules recurring tasks to re-infect the host …
Threat Detection Software: A Deep Dive
As the threat landscape evolves and multiplies with more advanced attacks than ever, defending against these modern cyber threats is a monumental challenge for almost any organization. Threat detection is about an organization's ability to accurately identify threats, be it to the network, an endpoint, another asset or an application – including cloud infrastructure and …
Elastic on Elastic: How we saved $100,000/month by keeping our own software up to date
Let's start with the bottom line: When we upgraded to Elasticsearch 7.15 last year, our internal observability clusters saw a reduction in inter-node traffic from 464TB to 204.5TB per day. We monitored this reduction through subsequent upgrades and noticed its impact on our data transfer and storage costs. So here it is: upgrading saved Elastic $3,500 per day, or approximately …
Multiple Security Flaws Discovered in Popular Software Package Managers
Multiple security vulnerabilities have been disclosed in popular package managers that, if exploited, could be abused to run arbitrary code and access sensitive information, including source code and access tokens, from compromised machines. It is, however, worth noting that the flaws require the targeted developers to handle a malicious package in conjunction with …
Performance and Security Software for Macbook
We use Internet-enabled devices in every aspect of our lives today—to find information, shop, bank, do homework, play games, and keep in touch with friends and family. As a result, our devices contain much personal information about us. Also, any great device will get a little clunky and slow over time and the Mac is no exception, and the whole "Macs don't get viruses" claim is …
Critical Flaws Uncovered in Pentaho Business Analytics Software
Multiple vulnerabilities have been disclosed in Hitachi Vantara's Pentaho Business Analytics software that could be abused by malicious actors to upload arbitrary data files and even execute arbitrary code on the underlying host system of the application. The security weaknesses were reported by researchers Alberto Favero from German cybersecurity firm Hawsec and Altion Malka …
Several Bugs Found in 3 Open-Source Software Used by Several Businesses
Cybersecurity researchers on Tuesday disclosed nine security vulnerabilities affecting three open-source projects — EspoCRM, Pimcore, and Akaunting — that are widely used by several small to medium businesses and, if successfully exploited, could provide a pathway to more sophisticated attacks. All the security flaws in question, which impact EspoCRM v6.1.6, Pimcore Customer …
Nasty macOS Malware XCSSET Now Targets Google Chrome, Telegram Software
Malware known for targeting the macOS operating system has been updated once again to add more features to its toolset, allowing it to amass and exfiltrate sensitive data stored in a variety of apps, including Google Chrome and Telegram, as part of further "refinements in its tactics." XCSSET was uncovered in August 2020, when it was found targeting Mac developers …