Open Source Community

Snow joke: A Microsoft researcher found it—and it’s somehow Microsoft’s fault ...

By Sarah Banks, Senior Director of Product Management, Corelight As we finished rolling out Corelight’s v21 software release, which saw the delivery of the world’s first 100G, 1U Zeek sensor, I was ...

By Justin Azoff, Senior Staff Engineer, Corelight We’d just upgraded our glibc package from 2.32 to 2.33, when we noticed some peculiar behavior. Glibc 2.32 had a number of minor security issues and ...

According to a recent report by the Internet Security Forum, open source software (OSS) is quickly becoming a pillar within enterprise infrastructure. In fact, OSS is now used in 99% of commercial ...

By Yacin Nadji, Corelight Security Researcher CVE-2020-1472 aka Zerologon, disclosed by Tom Tervoort of Secura, is an illustrative case study of how a small implementation mistake in cryptographic routines cascades into a ...

By John Gamble, Director of Product Marketing, Corelight This summer, Corelight hosted a virtual CTF tournament where hundreds of players raced to solve security challenges using Zeek data in Splunk and Elastic ...

“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft)  By Greg Bell, CEO of ...

By Ben Reardon, Corelight Security Researcher Recently, security research group JSOF released 19 vulnerabilities related to the “Treck” TCP/IP stack. This stack exists on many devices as part of the supply chain ...

By Johanna Amann, Software Engineer, Corelight CVE-2020-13777 is a high severity issue in GnuTLS. In a nutshell, GnuTLS versions between 3.6.4 (released 2018-09-24) and 3.6.14 (2020-06-03) have a serious bug in their ...

By Richard Bejtlich, Principal Security Strategist, Corelight On Tuesday, Jan. 14, 2020, the world learned of the vulnerability du jour, CVE-2020-0601. As explained by Microsoft, “a spoofing vulnerability exists in the way ...