Intelligence framework Octosuite is now available on GitHub
Version 3.1.0 of the open source intelligence (OSINT) framework Octosuite has just been made available on GitHub. Octosuite, a Python-based tool, offers a safe and intuitive interface for quickly searching and exploring data pertaining to a repository, organisation, or user. To identify pertinent data fast, it also searches for themes, commits, and issues. Every search result is exported in a CSV file that can be read by other programs.
Users can begin using Octosuite through a command-line interface (CLI) or a graphical user interface. While the latter lets users pick commands from a dropdown menu, the CLI is more flexible when processing data in batches.
After installing Octosuite, the user must launch it in the terminal. Octosuite will make an effort to establish three directories at launch time — logs for storing session logs, output for saving CSV files, and download for saving source code via the source command.
Since 26 per cent of firms now use open source investigative tools, the market for open source intelligence is anticipated to develop significantly over the next five years.
For open source investigators, security researchers, and anyone who wants to quickly examine and probe data hosted on GitHub, Octosuite is a crucial tool. For instance, it can be used to look into instances like the 2022 GitHub malware attack, in which a single user account compromised more than 35,000 repositories.
New open source ecosystems will receive up to US$ 28 million from NSF in funding
The National Science Foundation (NSF) in the US is aiming to promote the growth of open source ecosystems in STEM (science, technology, engineering and mathematics) subjects, according to a release. The ‘Pathways to Enable Open-Source Ecosystems’ or POSE programme will not provide funding for currently operating open source ecosystems, tools, or products but will instead concentrate on assisting fresh open source ecosystems. The POSE programme’s objectives, according to the statement, are to increase the number of academics and innovators working on and contributing to open source ecosystems, and to establish risk-free and secure development and contribution channels for high-impact ecosystems.
The estimated budget for NSF’s 30 to 50 awards is US$ 27.8 million. Many of the projects that it funds “result in publicly accessible, changeable, and distributable open source solutions, including software, hardware, models, specifications, programming languages, or data platforms that spark additional innovation,” according to NSF.
The agency’s Directorate for Technology, Innovation and Partnerships, in collaboration with the other NSF directorates, developed the POSE initiative, which is accessible for research and innovation by all STEM open source ecosystems. The POSE programme will serve as a “pathway to translate scientific and engineering innovations,” according to the statement.
Hewlett Packard issues a critical open source bug alert
Hewlett Packard Enterprise (HPE) recently released a critical alert for its OneView infrastructure management platform concerning a use-after-free vulnerability that enables remote attackers to execute arbitrary code on targeted systems, leak data, or set up the conditions for a denial-of-service (DoS) attack.
The bug stems from the use of the third-party Expat XML parser. HPE has assigned the bug the tracking number CVE-2022-40674, with a severity score of 9.8. The vulnerable code has also affected enterprise-class software from many other vendors, including NetApp and IBM, both of which have issued critical advisories to customers to address the same fault.
Linux Foundation gets the StarRocks Project
The StarRocks Project, a high-performance analytical database, has been donated to the Linux Foundation by CelerData, a unified analytics platform specifically created for the modern enterprise. As a result, the project will continue to develop and flourish as part of the open source community. This contribution was made following the news in December last year that StarRocks would switch from an Elastic License to an Apache License.
Since its inception in 2020, the StarRocks Project has been a standalone endeavour with publicly accessible source code. More than 500 businesses, including market leaders Lenovo and Airbnb, have successfully launched digital transformation programmes with the aid of StarRocks. It helps developers integrate OLAP, data lakes, and real-time analytics onto a single engine and data pipeline. StarRocks makes use of CPU processing power and SIMD (single instruction, multiple data) instructions to improve performance, thanks to its columnar storage engine and fully vectorised operators.
The StarRocks Project has received awards for its product innovation in data analytics. These awards include being named the winner of the BIG Innovation Awards, a finalist in The Cloud Awards for Best Cloud Business Intelligence or Analytics Solution, and the Intellyx’s Digital Innovator Award.
“The Linux Foundation is delighted to welcome the StarRocks Project into its family of open source projects,” said Mike Woster, Linux Foundation’s chief revenue officer. “By providing a neutral home for collaboration, the Linux Foundation is able to bring together talented individuals and organisations from around the world to collaborate on building innovative solutions and technologies for shared benefit.”
Checkmarx introduces Supply Chain Threat Intelligence for threat identification
Supply Chain Threat Intelligence, which provides detailed threat intelligence on hundreds of thousands of malicious packages, contributor reputation, malicious behaviour, and more, is now available, according to Checkmarx, a leader in developer-centric application security solutions.
Supply Chain Threat Intelligence, based on exclusive research by Checkmarx Labs, provides:
● Identification of harmful packages by attack type, such as dependency confusion, typosquatting, chainjacking, and more.
● Analysing the reputation of contributors by spotting unusual activity in open source packages.
● Information on malicious package behaviour, including static and dynamic analysis of the code to understand how it functions.
● A data lake with over a million packages scanned each month that enables continued research of packages long after they have been purged from package managers.
Checkmarx Supply Chain Threat Intelligence is supplied as an application programming interface (API) that can be consumed from a variety of dashboards and development environments. After obtaining an access token from Checkmarx, users submit a package name and version and receive threat intelligence on that package.
The API helps security experts and developers identify potential dangers in open source software packages quickly and simply, gain insight into the thought process of threat actors, get information on many packages at once using bulk queries, keep up with cyber threats through real-time updates and notifications on new and developing hazards, and acquire important context and insights on identified threats to guide security decisions.
“In 2022, Checkmarx researchers exposed some of the most prolific open source attack groups, including RED-LILI and Lofygang,” said Checkmarx CEO Emmanuel Benzaquen. “Given the dramatic proliferation of malicious open source packages from organised attack groups, we’re pleased to empower security stakeholders by revealing adversarial motives, tactics, techniques and procedures in a constantly updated intelligence feed.”
Wazuh helps track, archive and index Kubernetes audit logs
Depending on the region and industry in which they operate, corporations must adhere to a number of policies. Some of these regulations, like GDPR, improve the IT infrastructure’s cyber-resilience. Organisations must make sure that the Kubernetes cluster complies with all applicable regulations and security best practices because it is a component of the IT infrastructure. The log retention policy is one of the requirements that may be found in most IT policy documents; it specifies how long logs must be kept on file. These logs can be used for incident investigation and for active monitoring to find threats.
To find security threats and anomalies, companies must monitor the audit logs. They must also index the logs so that relevant information can be found during an incident investigation. Wazuh tracks, archives, and indexes Kubernetes audit logs. Wazuh is an open source, integrated XDR and SIEM platform. It receives more than 10 million downloads annually and is free to use.
The Wazuh development team offers a comprehensive manual on using Wazuh to audit Kubernetes. The manual provides instructions for setting up the Wazuh server so that it can receive and handle Kubernetes audit logs.
Kubernetes is regarded as the foundation of application modernisation by enthusiasts. When applications are deployed over multiple servers and containers, their complexity increases. Kubernetes provides an open source API that controls where and how those containers will run in order to manage this complexity.
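As an added example (not code from Wazuh or the guide mentioned above), the following Python script parses constructed Kubernetes audit events in the real audit.k8s.io/v1 JSON schema, applies a retention window of the kind a log retention policy prescribes, and runs two simple detection rules (Secret reads and API-server denials) of the sort a SIEM would index and alert on; the sample events and the 90-day window are assumptions.

```python
import json
from datetime import datetime, timedelta, timezone

# Constructed sample: three audit.k8s.io/v1 events, one JSON object per line,
# as the API server's log backend writes them (not real cluster data).
SAMPLE_AUDIT_LOG = """\
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a1","stage":"ResponseComplete","verb":"get","user":{"username":"dev-bot"},"objectRef":{"resource":"secrets","namespace":"prod","name":"db-creds"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2023-02-10T09:00:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a2","stage":"ResponseComplete","verb":"list","user":{"username":"system:serviceaccount:prod:web"},"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":403},"requestReceivedTimestamp":"2023-02-10T09:05:00.000000Z"}
{"kind":"Event","apiVersion":"audit.k8s.io/v1","level":"Metadata","auditID":"a3","stage":"ResponseComplete","verb":"list","user":{"username":"admin"},"objectRef":{"resource":"pods","namespace":"prod"},"responseStatus":{"code":200},"requestReceivedTimestamp":"2022-11-01T12:00:00.000000Z"}
"""

def _ts(s):
    """Parse the RFC 3339 timestamp the audit backend emits (microseconds, UTC)."""
    return datetime.strptime(s, "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)

def parse_events(text):
    """Parse newline-delimited JSON audit events; malformed lines are skipped
    rather than aborting the whole batch, as a log indexer would do."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            ev = json.loads(line)
        except json.JSONDecodeError:
            continue
        if ev.get("kind") == "Event" and "requestReceivedTimestamp" in ev:
            events.append(ev)
    return events

def within_retention(events, now_iso, days):
    """Keep only events inside the retention window (e.g. 90 days);
    older events would be archived or purged per the retention policy."""
    cutoff = _ts(now_iso) - timedelta(days=days)
    return [ev for ev in events if _ts(ev["requestReceivedTimestamp"]) >= cutoff]

def findings(events):
    """Two illustrative detection rules over indexed events: reads of Secret
    objects, and requests the API server denied (HTTP 403, typically RBAC)."""
    out = []
    for ev in events:
        user = ev.get("user", {}).get("username", "?")
        res = ev.get("objectRef", {}).get("resource")
        if res == "secrets" and ev.get("verb") in ("get", "list", "watch"):
            out.append(("secret_access", user, ev["auditID"]))
        if ev.get("responseStatus", {}).get("code") == 403:
            out.append(("rbac_denied", user, ev["auditID"]))
    return out
```

Running `findings(within_retention(parse_events(SAMPLE_AUDIT_LOG), "2023-02-11T00:00:00.000000Z", 90))` drops the November event as outside the window and flags the Secret read and the denied pod listing.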
Researchers discover more than 700 malicious packages
Another sizable collection of malicious packages, which developers may unknowingly download from the npm and PyPI open source registries, has been uncovered by security experts. Sonatype reported finding 691 malicious npm packages and 49 malicious PyPI components in January this year, both of which contained crypto-miners, remote access Trojans (RATs), and other harmful software.
The same harmful software is included in several packages. A Trojan called go file uses Linux systems to mine cryptocurrencies. According to Sonatype, sixteen of these were linked to the same actor, trendava, who has since been taken off the npm registry.
The PyPI malware ‘minimums’, which is intended to verify the presence of a virtual machine (VM) before execution, was discovered separately.
The security provider also found brand-new Python malware with traits of both a RAT and an information thief. Finally, it discovered ‘infinitebrahamanuniverse’, a suspicious-looking developer, who uploaded over 33,000 packages that were described as sub-packages of ‘no-one-left-behind’, or ‘nolb’.
VVenC and VVdeC H.266 video encoder and decoder now run on x86 and Arm
The open source H.266/VVC video encoder and decoder VVenC and VVdeC are both optimised for SIMD (single instruction, multiple data) instructions on x86 (SSE42/SIMDe and AVX2) and Arm, while the decoder is compatible with Windows, Linux, macOS, and Android. In 2020, the H.266 video compression standard, also known as VVC (versatile video coding), was approved with the promise of a 50 per cent data reduction over the previous H.265/HEVC standard while maintaining the same visual quality. Since that announcement there have been no new developments, but two things may be changing that: the Realtek RTD1319D processor, unveiled last September, which supports both 4K H.266 and AV1 video decoding, and the advances in the VVenC and VVdeC open source H.266 encoder/decoder that were presented at FOSDEM 2023.
The Fraunhofer HHI group has been working on VVdeC and VVenC since the specifications were finalised in 2022. Both are based on the VTM reference software for VVC, are written in C++ with a pure C interface, implement vectorisation without the use of an assembler, and are provided under a BSD 3-Clause Clear licence that grants no patent rights. The source code for both is accessible on GitHub. VVdeC is fully Main10 profile compliant, supports more than 30 threads, and runs on Windows, Linux (x86, Arm, RISC-V…), macOS (x86 and Arm), and Android. Since the first release, memory usage has been reduced threefold, and the developers are still making incremental advances.
The VVenC open source H.266 encoder has five settings -- faster, fast, medium, slow, and slower -- each of which offers a balance between quality and encoding speed. It is designed for offline use and VoD (Video-on-Demand) operations. It is now possible to incorporate VVenC and VVdeC into FFmpeg via third-party patches, which enables inclusion into mpv, VLC, and ExoPlayer.
Imply Polaris wins ‘Best Open Source Cloud Solution’ award
Imply, the business established by the original developers of Apache Druid, announced that Imply Polaris has won the ‘Best Open Source Cloud Solution’ honour at The Cloud Awards, a global competition for cloud computing. Polaris offers an easy developer experience for creating real-time analytics apps, as a cloud database solution for Apache Druid.
The real-time analytics database Apache Druid, which is used by developers at thousands of companies including Confluent, Netflix, Target, and Salesforce to power real-time analytics applications, has a true database-as-a-service offering in the form of Imply Polaris, which was unveiled in March 2022.
Developers select Apache Druid when serving sub-second queries on terabytes to petabytes of streaming and batch data at hundreds to thousands of queries per second. They use Imply Polaris as their Druid deployment option because it offers a service that reduces time to market, boosts developer productivity, and lowers Druid operating costs in general.
“We are absolutely thrilled to receive this award,” stated FJ Yang, CEO and cofounder of Imply. “It’s extra special to us because this award is about open source and cloud — the two things that drive what we do for our customers every day. We believe developers want open source technology, and they want to consume it as cloud services. That’s why we built Imply Polaris for Apache Druid, and that’s why we’re so proud today.”
CISA develops ESXiArgs ransomware recovery tool
The ESXiArgs ransomware attacks, which were discovered for the first time on February 3 this year, take advantage of the high-severity ESXi remote code execution vulnerability CVE-2021-21974 that VMware addressed in February 2021. The flaw is being used by hackers to spread malware that targets virtual machines and encrypts files. There is currently no proof to support the cybercriminals’ claims that they have stolen data, despite their threats to disclose it.
Technical information and a proof-of-concept (PoC) exploit for CVE-2021-21974 have been available for almost two years, but up until now there had been no sign of in-the-wild exploitation. Since there is no proof that the ESXiArgs attacks used a zero-day vulnerability, VMware is advising customers to apply the existing patches and precautions. There are presently about 2,000 compromised ESXi servers, according to the Censys and Shodan search engines. It is worth noting that Censys has found fewer compromised systems recently, which suggests that affected businesses have been patching their systems.
An examination of the ESXiArgs attack reveals that after a server has been compromised, the attacker uploads a number of files, including an encryptor, a shell script controlling the attack flow, a public RSA encryption key, and a ransom note, to the /tmp folder.
BlackBerry researchers conducted an analysis and found that the shell script is in charge of renaming VMX configuration files, terminating VMX processes, locating and encrypting VM-related files, placing the ransom note on the targeted system, and erasing the originals of the encrypted files.
The procedures users must follow to recover their data have been laid out by security experts Enes Sonmez and Ahmet Aykac. Using the researchers’ tutorial and other publicly accessible information, CISA has developed an ESXiArgs ransomware recovery tool that recovers virtual drives that were not encrypted by the malware.