A New Tool Wants to Save Open Source from Supply Chain Hacks

Sigstore will make code signing free and easy for software developers, providing an important first line of defense...

Platform Update: Akamai Boosts Edge Application Power, Expanding Possibilities for Developers

Welcome to the Akamai Platform Update -- two days of new capabilities and innovations across our edge technology and security product portfolios...

SUSE: Security Advisory (SUSE-SU-2013:0048-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Directory traversal

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

CVE-2021-33203

Django before 2.2.24, 3.x before 3.1.12, and 3.2.x before 3.2.4 has a potential directory traversal via django.contrib.admindocs. Staff members could use the TemplateDetailView view to check the existence of arbitrary files. Additionally, if and only if the default admindocs templates have been...

Important: Red Hat Security Advisory: libwebp security update

An update for libwebp is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from t...

A Peek Inside the Underground Ransomware Economy

Ransomware is not just a type of malware – it’s also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce. It’s a community made up of major malware developers, affiliates and channel partners, and those that provide adjacent...

SecOps: Tips for reducing open source vulnerabilities

Check out this infographic to gain insight on enabling a strong DevSecOps culture by ensuring open source code is secure, allowing developers to build quickly and meet business objectives...

[SECURITY] Fedora 32 Update: prosody-0.11.9-1.fc32

Prosody is a flexible communications server for Jabber/XMPP written in Lua. It aims to be easy to use, and light on resources. For developers it aims to be easy to extend and give a flexible system on which to rapidly develop added functionality, or prototype new protocols...

The creation and success of a documentation site

Gain a better understanding of why collaboration between developers and writers is necessary to create a successful documentation site...

Ransomware Going for $4K on the Cyber-Underground

In the cybercriminal underground, ransomware samples and builders are going for anywhere between $300 to $4,000, with ransomware-as-a-service rentals costing $120 to $1,900 per year. That’s according to an analysis by Kaspersky of the three main underground forums where ransomware is circulated...

py-matrix-synapse -- malicious push rules may be used for a denial of service attack.

Matrix developers report: "Push rules" can specify conditions under which they will match, including eventmatch, which matches event content against a pattern including wildcards. Certain patterns can cause very poor performance in the matching engine, leading to a denial-of-service when processi...

Buer Malware Tool Rewritten in E-Z Rust Language

A variant of the Buer malware, which is being distributed in emails disguised as DHL support shipping notices, comes with a fresh code rewrite in the popular Rust language and looks like it may be in the process of prepping for rental to other cybercrooks. Join Threatpost for “Fortifying Your...

[SECURITY] Fedora 33 Update: python3.8-3.8.9-1.fc33

Python 3.8 package for developers. This package exists to allow developers to test their code against an older version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.8, see other distributions that support it, such as an older Fedora release...

[SECURITY] Fedora 32 Update: python39-3.9.4-1.fc32

Python 3.9 package for developers. This package exists to allow developers to test their code against a newer version of Python. This is not a full Python stack and if you wish to run your applications with Python 3.9, update your Fedora to a newer version once Python 3.9 is stable...

Fake Trezor app steals more than $1 million worth of crypto coins

Several users of Trezor, a small hardware device that acts as a cryptocurrency wallet, have been duped by a fake app with the same name. The app was available on Google Play and Apple’s App Store and also claimed to be from SatoshiLabs, the creators of Trezor. According to the Washington Post, th...

[SECURITY] Fedora 32 Update: tor-0.4.5.7-1.fc32

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...

[SECURITY] Fedora 33 Update: tor-0.4.5.7-1.fc33

The Tor network is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Tor's users employ this network by connecting through a series of virtual tunnels rather than makin g a direct connection, thus allowing both organizations and...