Researchers have discovered threat actors launching zero-day attack against packages in the Python Package Index (PyPI) repository.
As the catastrophic Log4j vulnerability continues to cause havoc on the internet and organizations, Google in collaboration with security firm Code Intelligence has released an update to open source fuzzer (OSS-Fuzz) that can detect the Log4Shell vulnerability.
Microsoft has open sourced CodeQL queries used to scan for Solorigate malware activity that matches the SolarWinds supply-chain attack.
Microsoft has released the October 2020 Security updates that includes patches for 87 vulnerabilities, 11 of them rated Critical. The update also includes a patch for a Critical “Bad Neighbor” vulnerability and two out-of-band patches.
Jenkins, a popular open source automation server software, has patched a Critical buffer corruption vulnerability CVE-2019-17638 in bundled Jetty.
Microsoft released the March 2020 Security Updates that include 115 unique vulnerability fixes, 26 of those rated critical. This is the largest patch release in Microsoft’s history. Microsoft also issued guidance and a new security update to fix an SMBv3 RCE vulnerability dubbed SMBGhost.
Microsoft has introduced a new source code analyzer tool dubbed Microsoft Application Inspector. The tool is designed to “identify interesting features in source code” and can help enable developers understand software components your apps use.
GitHub, one of the world’s leading software development platforms, has launched GitHub Security Lab with aim to secure open source software.
The CERT Coordination Center (CERT/CC) has released a security advisory describing multiple vulnerabilities that impact Broadcom WiFi chipset drivers. Four vendors have confirmed they are impacted at the time of the latest published advisory on Wednesday.
Does your organization have any Redis servers exposed to the internet? If so, you should disconnect them from the public and ensure Redis services are exposed to only “trusted” environments such as your internal company network.