Three Quarters of Dependency Vulnerability Patches Lead to Breakages, Report Finds

Patches deployed for dependency vulnerabilities cause breakages 75% of the time, a new report has revealed. Minor updates were found to break clients 94% of the time, and for version upgrades this was 95%. Software dependencies — the external code or libraries that a project requires to function properly — are notoriously difficult to manage during application development. Remediating vulnerabilities in dependencies requires a major version update 24% of the time. “Seemingly the most straight-forward…

CISA Report Finds Most Open-Source Projects Contain Memory-Unsafe Code

More than half of open-source projects contain code written in a memory-unsafe language, a report from the U.S.’s Cybersecurity and Infrastructure Security Agency has found. Memory-unsafe means the code allows for operations that can corrupt memory, leading to vulnerabilities like buffer overflows, use-after-free and memory leaks. The report’s results, published jointly with the FBI, Australian Signals Directorate’s Australian Cyber Security Centre, and Canadian Cyber Security Center, are based on analysis of 172 critical projects defined…

OpenAI's GPT-4 Can Autonomously Exploit 87% of One-Day Vulnerabilities

The GPT-4 large language model from OpenAI can exploit real-world vulnerabilities without human intervention, a new study by University of Illinois Urbana-Champaign researchers has found. Other open-source models, including GPT-3.5 and vulnerability scanners, are not able to do this. A large language model agent — an advanced system based on an LLM that can take actions via tools, reason, self-reflect and more — running on GPT-4 successfully exploited 87% of “one-day” vulnerabilities when provided with…

4 Best Open Source Password Managers for Teams in 2024

Password managers have developed into important tools for businesses to keep all their passwords secure. They store company credentials in encrypted vaults, allow for easier sharing within teams and can be accessed via multiple devices. While the benefits of password managers are undeniable, many options available are proprietary. Proprietary software refers to applications that have code designed and owned by a specific company. Under this setup, the code isn’t modifiable and can only be accessed…

6 Best Open Source Password Managers for Mac in 2024

Best overall: MacPass
Best for multiplatform support: Bitwarden
Best for tech-savvy Mac users: gopass
Best for Unix users: QtPass
Best open source offline password manager: KeePassX
Best for team-level password management: Passbolt

Maintaining strong, unique passwords for every online account is essential for Mac users seeking to enhance their digital security and privacy. While proprietary password managers offer convenience, open source alternatives provide transparency by allowing public scrutiny of their code, ensuring trustworthiness and strong…

6 Best Open Source Password Managers for Windows in 2024

Best overall: Bitwarden
Best for security and data protection: Keeper
Best for offline password management: Enpass
Best for password storage: Proton Pass
Best free Windows password manager: KeePass
Best Windows password manager for team collaboration: Passbolt

Today, most password managers are either closed-source, hybrid or open-source. While closed-source password managers don’t publicly share their code for users to modify, open-source password managers do share their code with a community of users to revise or update…

XZ Utils Supply Chain Attack: A Threat Actor Spent Two Years to Implement a Linux Backdoor

A threat actor quietly spent the last two years integrating themselves into the core team of maintainers of XZ Utils, a free software command-line data compressor widely used in Linux systems. The attacker slowly managed to integrate a backdoor into the software that was designed to interfere with SSHD and allow remote code execution via an SSH login certificate. The backdoor was discovered a few days before being released on several Linux systems worldwide. The…

Open Source Password Managers: Overview, Pros & Cons

Password managers are becoming increasingly popular. Fueled by the frequency with which user passwords can be compromised via phishing and brute force techniques, password managers are now seen as a more secure alternative. There are many proprietary password managers on the market for those who want an out-of-the box solution, and then there are open source password managers for those wanting a more customizable option. In this article, we explain how open source password managers…

Google Adds Gemini Pro API to AI Studio and Vertex AI

Starting Dec. 13, developers can use Google AI Studio and Vertex AI to build applications with the Gemini Pro API, which allows access to Google’s new generative AI model. Google’s initial rollout of Gemini was limited to Google Bard and the Pixel 8 Pro, so Wednesday’s general availability of Gemini for Google AI Studio and Vertex AI marks the first test of Gemini for enterprise developers. AI Studio and Vertex AI with Gemini can help…

Sekoia: Latest in the Financial Sector Cyber Threat Landscape

A new report from France-based cybersecurity company Sekoia describes evolutions in the financial sector threat landscape. The sector is the most impacted by phishing worldwide and is increasingly targeted by QR code phishing. The financial industry also suffers from attacks on the software supply chain and stands among the most targeted sectors impacted by ransomware in 2023. An increase in attacks on Android smartphones also affects the sector, both for cybercrime and cyberespionage operations. Jump…
