Other Attempts to Take Over Open Source Projects

After the XZ Utils discovery, people have been examining other open-source projects. Surprising no one, the incident is not unique:

The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails. These emails implored OpenJS to take action to update one of its popular JavaScript projects to “address any critical vulnerabilities,” yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement. This approach bears strong resemblance to the manner in which “Jia Tan” positioned themselves in the XZ/liblzma backdoor…


Intel, VMware, Linux Foundation & Others Form Open Platform for Enterprise AI

Organizations can contribute to the platform’s GitHub or receive a framework for creating enterprise-grade generative AI systems.

Damn Vulnerable RESTaurant: Open-source API service designed for learning

Damn Vulnerable RESTaurant is an open-source project that allows developers to learn to identify and fix security vulnerabilities in their code through an interactive game. “I wanted to create a generic playground for ethical hackers, developers,…

New open-source project takeover attacks spotted, stymied

The OpenJS Foundation has headed off a “credible takeover attempt” similar to the one that resulted in a backdoor getting included in the open-source XZ Utils package by someone who called themselves “Jia Tan”. This malicious ma…

OpenSSF Warns of Fake Maintainers Targeting JavaScript Projects

By Deeba Ahmed
Alarming social engineering attacks target critical open-source projects! Learn how to protect your project and the open-source community from takeovers.
This is a post from HackRead.com.

Collaborative Scheduling: Enhancing Team Coordination With Open-Source Tools

By Uzair Amir
In the rapidly evolving work environment of today, collaborative scheduling stands out as a foundational pillar for effective…
This is a post from HackRead.com.

Zarf: Open-source continuous software delivery on disconnected networks

Zarf is a free, open-source tool that enables continuous software delivery on disconnected networks. It currently offers fully automated support for K3s, K3d, and Kind and is also compatible with EKS, AKS, GKE, RKE2, and many other distro services. The…

Six-year old bug will likely live forever in Lenovo, Intel products

A report from Binarly finds that a silently patched bug in a popular web server will likely live on in several major end-of-life products.

The post Six-year old bug will likely live forever in Lenovo, Intel products appeared first on CyberScoop.