Linux Backdoor Infection Scare, Massive Social Security Number Heist

In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained ...

Backdoor in XZ Utils That Almost Happened

Last week, the Internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s ...

Federal Support for Open-Source Security

In an unexpected move, the U.S. Cybersecurity and Infrastructure Security Agency (CISA) has announced an initiative aimed at bolstering the security posture of open-source software developers. This initiative, as reported by Axios, ...

XZ Utils Backdoor

The cybersecurity world got really lucky last week. An intentionally placed backdoor in XZ Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have ...

Linux Kernel 6.8 Released: New Features and Hardware Support

Linus Torvalds recently announced the release of Linux kernel 6.8, the latest stable version of the Linux kernel. This update brings a plethora of new features and improvements, making it a significant ...
IONIX software supply chain, secure, Checkmarx Abnormal Security cyberattack supply chain cybersecurity

Mitigating Lurking Threats in the Software Supply Chain

The first step to addressing software supply chain vulnerabilities and threats is to understand the most common attacks. Here's where to start ...
Security Boulevard

New SSH-Snake Worm-Like Tool Threatens Network Security

The Sysdig Threat Research Team (TRT) discovered that a threat actor is leveraging an open-source network mapping tool called SSH-Snake for malicious activities. This tool utilizes SSH credentials found on the compromised ...
Pickle overlaying Python code snippet for the fickling tool

Relishing new Fickling features for securing ML systems

By Suha S. Hussain We’ve added new features to Fickling to offer enhanced threat detection and analysis across a broad spectrum of machine learning (ML) workflows. Fickling is a decompiler, static analyzer, ...
How we applied advanced fuzzing techniques to cURL

How we applied advanced fuzzing techniques to cURL

By Shaun Mirani Near the end of 2022, Trail of Bits was hired by the Open Source Technology Improvement Fund (OSTIF) to perform a security assessment of the cURL file transfer command-line ...
Falco Edgio Salt Security APIs, organizations, Open APIs API CIS COVID-19 cybersecurity

CNCF Graduates Falco Project to Improve Linux Security

The Cloud Native Computing Foundation (CNCF) announced today that Falco, an open source tool for defining security rules in Linux environments, has officially graduated ...
Security Boulevard