#OpenSourceSecurity

2025-04-30

Thank you Brittany Day, Linux Security for your insightful coverage of #VulnCon25!

This article highlights critical developments in vulnerability management including metadata improvements, supply chain security measures, EU Cyber Resilience Act impacts and emerging security baseline standards.

Read more: go.first.org/zeokh

#cybersecurity #OpenSourceSecurity #VulnerabilityManagement

Simon Roses Femerling (simonroses@infosec.exchange)
2025-04-29

Version 0.2 of Bytes Revealer, @vulnexsl's open source and powerful hex editor, is out. Cool new features: export analysis to JSON, Data Inspector, light/dark mode, detailed file signatures, and more! Enjoy 😊 #reversing #AppSec #CyberSecurity #opensource #opensourcesecurity bytesrevealer.online

2025-04-29

Join us for this week's security communications drill designed to strengthen your communication skills during the chaos of a critical open-source vulnerability!

You’ll practice:

➡️ Creating effective technical communications for diverse stakeholders
➡️ Managing sensitive non-public vulnerability information
➡️ Coordinating emergency response across engineering teams
➡️ Balancing immediate mitigation with long-term security strategy
➡️ Leveraging personal relationships in the open-source community

Remember, you can now choose from two different time slots to fit your schedule. 💛

Register at DiscernibleInc.com/drills

#IncidentResponse #SecurityComms #OpenSourceSecurity

2025-04-28

This episode of #OpenSourceSecurity I chat with Dimitri Stiliadis of @endorlabs about the tj-actions/changed-files backdoor

Endor did some great research into how many repos were affected and we cover some of the background on this attack. It's way weirder than you can imagine

opensourcesecurity.io/2025/202

2025-04-25

Breaking threat alert from DigitalOcean and Microsoft Azure! Mass exploitation campaign detected by actor codenamed Goofy Khaki Flamecrest. Find out about the 4 key events that characterized the campaign 👇

On the 15th of April, we detected a coordinated exploitation effort that included over 1,300 machines at its peak. The machines were small to medium-sized VPCs in public clouds such as Microsoft Azure and DigitalOcean. Using our comprehensive threat intelligence data, we were able to get a clear view of the exploitation campaign.

🔥Campaign Timeline:
The campaign timeline can be divided into 4 key sections:

1. 8th of April: The attacker launches a small-scale reconnaissance campaign using ~100 rented machines from a small Indonesia-based company. The reconnaissance involves exploits such as CVE-2021-41773 and CVE-2021-42013 for Apache Server to find vulnerable web servers.

2. 13th of April: The attacker kicks off the attack and delivers payloads using the previously used machines. The attack self-propagates as captured machines quickly start infecting other machines. At the peak of the two-day campaign, CrowdSec observed around 1,300 IPs from a broad range of server providers.

3. 16th of April: On the 3rd day of the campaign, the first cloud provider steps in with remediation. Microsoft Azure takes down all infected machines in direct action, dropping around 400 machines from the network. Other server providers follow suit over the next few days.

4. 20th of April: DigitalOcean, the last remaining big provider, stops the propagation of Goofy Khaki Flamecrest on its servers. The attack gradually fades, leaving roughly 20 machines from various smaller Autonomous Systems operational.

💡 Further Information
🔹The most aggressive IPs involved in Goofy Khaki Flamecrest can be tracked using the CrowdSec CTI: app.crowdsec.net/cti?q=classif"Attacker+Group%3A+goofy+khaki+flamecrest"+AND+(reputation%3Amalicious+OR+reputation%3Asuspicious+OR+reputation%3Aknown)&page=1

🔹At the time of the detection, about 50% of the IPs involved in the attack were flagged as malicious in our Threat Intelligence database.

🔹The attack shows that fast response by VPC providers is an important metric to track. The longer affected machines stay online, the more opportunities arise to propagate the attack. Smaller MSSPs are especially vulnerable, as a failure to act can result in their IP ranges being blocked by other providers.

✅ Keeping tabs:
If you are an MSSP looking to get ahead of even Microsoft in taking down infected machines, you can inquire with our sales team about Am I Attacking, a bespoke service where we proactively monitor your IP ranges to alert you if one of your machines starts showing up on our radar: crowdsec.net/business-requests

#cybersecurity #cohortattack #threatintel #opensourcesecurity #infosec #zeroday #blueteam
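The reconnaissance phase of the post above relies on the Apache HTTP Server path-traversal bugs CVE-2021-41773 and CVE-2021-42013, whose publicly documented request shape is a percent-encoded dot inside a `..` segment (`.%2e/` for the first, double-encoded `.%%32%65/` for the bypass). A defender who wants to know whether their own hosts were probed can look for exactly that shape in access logs. The script below is an added example written for this page, not CrowdSec's code or tooling; the log lines it scans are constructed for illustration, and the `scan`, `normalize` and `is_encoded_traversal` names are the example's own.

```python
"""Flag encoded '..' traversal attempts (CVE-2021-41773 / CVE-2021-42013 style)
in Apache combined/common-format access logs.

Added example for this page; log lines below are constructed, not real.
"""
import re
from urllib.parse import unquote

# Common Log Format prefix: client, identd, user, timestamp, request line, status, size
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) \S+" (?P<status>\d{3}) \S+'
)

# A '..' path segment after decoding, at the start, middle or end of the path
TRAVERSAL_RE = re.compile(r'(^|/)\.\.(/|$)')


def normalize(path: str) -> str:
    """Percent-decode until the string stops changing (at most three rounds).

    One round turns '.%2e/' into '../'; two rounds are needed for the
    CVE-2021-42013 double encoding '.%%32%65/' -> '.%2e/' -> '../'.
    """
    prev, cur = None, path
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def is_encoded_traversal(raw_path: str) -> bool:
    """True when the *encoded* request path decodes to a '..' segment.

    A literal '..' is normalised away by Apache before routing, so only the
    percent-encoded form is the signature of these two CVEs; paths with no
    '%' at all are therefore skipped outright.
    """
    if '%' not in raw_path:
        return False
    decoded = normalize(raw_path.split('?', 1)[0])  # ignore the query string
    return bool(TRAVERSAL_RE.search(decoded))


def scan(lines):
    """Return (client_ip, raw_path, status) for every line that looks like an attempt.

    A 403/404 is still reported: the interesting fact is that the host was probed.
    """
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_encoded_traversal(m['path']):
            hits.append((m['ip'], m['path'], m['status']))
    return hits


# Constructed sample log (documentation IP ranges, invented timestamps).
SAMPLE_LOG = """\
203.0.113.10 - - [08/Apr/2025:10:02:11 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1024
203.0.113.10 - - [08/Apr/2025:10:02:12 +0000] "POST /cgi-bin/.%%32%65/.%%32%65/.%%32%65/.%%32%65/bin/sh HTTP/1.1" 200 512
198.51.100.7 - - [08/Apr/2025:10:03:00 +0000] "GET /index.html HTTP/1.1" 200 3512
198.51.100.7 - - [08/Apr/2025:10:03:05 +0000] "GET /files/report%202025.pdf HTTP/1.1" 200 88120
192.0.2.44 - - [08/Apr/2025:10:04:40 +0000] "GET /cgi-bin/.%2E/.%2E/.%2E/etc/passwd HTTP/1.1" 403 199
"""

if __name__ == "__main__":
    for ip, path, status in scan(SAMPLE_LOG.splitlines()):
        print(f"{ip} {status} {path}")
```

Run it against `/var/log/apache2/access.log` (or whatever your `CustomLog` points at) by piping the file into `scan`; a 200 response to one of these requests on an unpatched 2.4.49/2.4.50 host is the signal that the box may have joined the botnet described above, whereas a 403 only tells you it was on the attacker's target list.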

2025-04-23

📬 You've Got Mail – and It's Full of Good Stuff!
Sign up for our newsletter and stay in the loop with:

🔄 Monthly updates
💡 Security insights & tips
💸 Exclusive deals
🚫 100% spam-free – promise!

Open your inbox to smarter, safer content.
👉 Subscribe now! newsletter.cryptomator.org/sub

#PrivacyFirst #CyberSecurity #DataProtection #NewsletterSignup #TechTips #NoSpam #OpenSourceSecurity #InboxUpgrade #Cryptomator #Newsletter

2025-04-21

📻 I enjoyed the #OpenSourceSecurityPodcast this week with

👤 infosec.exchange/@joshbressers and
👤 @popey
of
🏢 @anchore

I used #Syft / #Grype on a few OCI containers recently and was horrified to discover one had some nasty issues lurking within.

Great tools which I intend to use any time I handle OCI containers. Looking forward to trying Grant soon.

Thank you

🔗 opensourcesecurity.io/2025/202
🔗 anchore.com/opensource/

#OpenSourceSecurity
#CyberSecurity
#SBOM
#Vulnerabilities

Viktor Petersson (vpetersson@hachyderm.io)
2025-04-16

One typo can open the door to malicious code.

On the latest episode of Nerding out with Viktor, we examine the ongoing threat of package squatting and why naming is a security issue.

How safe are your dependencies, really?

vpetersson.com/podcast/S02E07.

#DevSecOps #OpenSourceSecurity #SoftwareSupplyChain

2025-04-15

Think APTs and open source don't mix? Think again. Sadly, it's happening right now. 🤯

Case in point: UNC5174 (with suspected China links) is actually using tools like SNOWLIGHT & VShell to hit Linux systems.

It's just another stark reminder, isn't it? Open source is fantastic, no doubt, but it's definitely not secure right out of the box. You've *really* got to be smart about the tools you choose and make sure those systems are properly hardened.

And get this – AI is apparently even helping attackers figure out new ways to misuse these tools. Just great. 🤦‍♂️

On the bright side, this is exactly the kind of nasty surprise a thorough pentest can dig up. Believe me, clients are always *way* happier when we find these things before the actual threat actors do. 😉

So, what have you seen out there regarding open source security? And what are your go-to tools for locking down Linux environments? Let's hear it! 🤔

#APT #Linux #Security #Cybersecurity #OpenSourceSecurity

Linux Foundation Europe (lfeurope)
2025-04-11

🚨 62% of open source stewards lack dedicated personnel for incident response—a key CRA requirement.

Learn more in our full report: linuxfoundation.org/research/c

BIOS-level hacking has always been one of the stealthiest and most dangerous forms of attack. Operating beneath the OS, malware embedded in firmware can survive drive wipes and reinstalls. While rare, these attacks are very real. From state actors using BIOS implants for espionage to researchers demonstrating how firmware can be weaponized, this layer is often ignored until it is too late. Projects like Libreboot and Coreboot aim to replace proprietary firmware with open alternatives, giving users more control and reducing the risk of hidden vulnerabilities.

#FirmwareSecurity #BIOSHacking #Coreboot #Libreboot #CyberSecurity #LowLevelThreats #OpenSourceSecurity

2025-04-09

🚨 OpenSSF community is heading to Denver for #OpenSSFCommunity Day NA 2025 on June 26!
AI security, SBOM tooling, real-world TTX, and more — all in one day.
🌄 Co-located with #OSSummit
🛡️ Agenda is live — register now!
🔗 openssf.org/blog/2025/04/09/op
#CyberSecurity #OpenSourceSecurity

ActiveState (activestate)
2025-04-08

AI is transforming vulnerability management.

Discover how AI-powered Software Posture Management (SPM) is changing the game for vulnerability detection and remediation. From proactive risk management to smarter decision-making, learn how enterprises can secure their software supply chains with confidence.

Read the blog to explore the future of AI in vulnerability management: activestate.com/uncategorised/

2025-04-07

This episode of #OpenSourceSecurity talks to @predrag about cargo-semver-checks

it's a #Rust tool that can help you figure out if you broke #semver, it's pretty awesome

We also touch on the difficulty of detecting breaking changes, sustainable open source, and what's to come for semver checking

It's a fun chat and you'll learn a lot

opensourcesecurity.io/2025/202
