Google announces Scorecard V4 in partnership with GitHub and OpenSSF

Since Google and OpenSSF's July 2021 announcement of Scorecards V2, the Scorecards project has grown steadily to over 40 unique contributors and 18 implemented security checks.

WhiteSource Open Source Tool Can Discover Log4j Vulnerabilities

WhiteSource has made available an open-source tool to detect vulnerable instances of Log4j logging software. The recently disclosed flaw allows attackers to launch an RCE attack via Java applications.

Google unleashes security 'fuzzer' on Log4Shell bug in open-source software

To seek out Log4Shell vulnerabilities in newly built open-source software, Google is partnering with security firm Code Intelligence to provide continuous fuzzing for Log4j.

Microsoft launches center for reporting malicious drivers

The new Vulnerable and Malicious Driver Reporting Center allows users to submit a copy of a malicious driver, which is then analyzed by a Microsoft automated scanner.

XMGoat: Open-source pentesting tool for Azure

XMGoat is an open-source tool that enables penetration testers, red teamers, security consultants, and cloud experts to learn how to abuse different misconfigurations within the Azure environment.

Microsoft extends Secured-core concept to servers

Microsoft has extended the Secured-core concept to servers, and to Windows Server and Azure Stack HCI, to make the hardware less susceptible to firmware attacks and to running unverified code.

Latest Firefox 95 Includes RLBox Sandboxing to Protect Browser from Malicious Code

The new sandboxing technology in Firefox called RLBox prevents untrusted code and other security vulnerabilities from causing "accidental defects as well as supply-chain attacks."

Pip-audit: Google-backed tool probes Python environments for vulnerable packages

Pip-audit leverages the PyPI JSON API to compare dependencies against the Python Packaging Advisory Database – a repository of security advisories that collects much of its data from the NVD CVE feed.

VirusTotal Introduces 'Collections' to Simplify IoC Sharing

Chronicle-owned VirusTotal this week announced VirusTotal Collections, a new resource aimed at making it easier for security researchers to share Indicators of Compromise (IoCs).

New differential fuzzing tool reveals novel HTTP request smuggling techniques

Researchers have released a new fuzzing tool used for finding novel HTTP request smuggling techniques. The tool, dubbed ‘T-Reqs’, was built by a team from Northeastern University, Boston, and Akamai.
