Even if you don’t have the training data or programming chops, you can take your favorite opensource model, tweak it, and release it under a new name. According to Stanford’s AI Index Report, released in April, 149 foundation models were released in 2023, two-thirds of them opensource.
Google is open-sourcing SynthID, a system for watermarking text so AI-generated documents can be traced to the LLM that generated them. Unlike many of Mistral’s previous small models, these are not opensource. This model is based on the opensource Llama, and it’s relatively small (70B parameters).
Tracee is an opensource runtime security and forensics tool for Linux that is powered by eBPF and is more optimized for secure tracing. In this blog, we’ll explore the ways to control eBPF events and examine a case of using a BPF event to capture rootkits, a sophisticated type of malware that lives in the kernel space.
One of the most common cryptomining threats for cloud environments is the Kinsing malware. Kinsing is a notorious malware family active for several years, primarily targeting Linux-based cloud infrastructure. The Kinsing malware uses different locations to stay undetected and hides itself as a system file.
Meanwhile, Tenable did a deep dive on DeepSeek's malware-creation capabilities. And get the latest on vulnerability prioritization, CIS Benchmarks and open-source software risks. To get all the details, read the blog DeepSeek Deep Dive Part 1: Creating Malware, Including Keyloggers and Ransomware.
Aqua Tracee is an opensource runtime security and forensics tool for Linux, built to address common Linux security issues. Some alternative use cases which Tracee can be used for are dynamic malware analysis, system tracing, forensic investigations, and more.
Codename Goose is a new open-source framework for developing agentic AI applications. It uses Anthropic's Model Context Protocol for communicating with systems that have data, and can discover new data sources on the fly. Like Linux, Ruby on Rails can run in the browser. Linux booting inside a PDF in Chrome.
By adding free cloud training to our Community Membership, students have the opportunity to develop their Linux and Cloud skills further. Each month, we will kick off our community content with a live study group allowing members of the Linux Academy community to come together and share their insights in order to learn from one another.
This blog was co-authored by Itamar Maouda. Two years ago, the NSA (the United States' National Security Agency) revealed that Drovorub, an advanced Russian malware created by the GRU 85th GTsSS team, had been discovered targeting Linux systems. It has an advanced kernel rootkit that hooks several kernel functions.
The Unit 42 cybersecurity consulting group published research on the first known malware targeting Windows containers, which was discovered by Unit 42 researcher Daniel Prizmant and named Siloscape. Diagram of Windows container (source: Microsoft). A cluster is the basic architecture of Kubernetes (an open-source container platform).
In a thought-provoking interview on the Threat Vector podcast, Palo Alto Networks researchers Bar Matalon and Rem Dudas shed light on their groundbreaking research into AI-generated malware and shared their predictions for the future of AI in cybersecurity. We did that for different operating systems – for Windows, macOS and Linux.
Sky's performance is similar to OpenAI o1-preview, and it's fully open: Training data, weights, code, and infrastructure are all open source. 4M is an open-source framework for training multimodal AI models. Fast-LLM is an open-source library for training large language models. 32B-Instruct.
A couple of weeks ago, a supply-chain attack against the Linux xz Utils package, which includes the liblzma compression library, was discovered just weeks before the compromised version of the library would have been incorporated into the most widely used Linux distributions. We’ve been very lucky. If you see something, say something.”
A common operating system (OS) on personal computers, servers, and other gadgets is Linux. The fact that Linux is very customizable is one of its key advantages. The source code can be simply changed by users to suit their unique requirements or tastes. Linux is also renowned for its security and dependability.
After all, you wouldn’t want your haptic glove to misbehave in the metaverse or your autonomous vehicle sensors to be hijacked by malware. Separating system and application spaces is already gaining followers for immutable Linux operating systems – even in consumer devices. Operating Systems for the edge. Learn more about SUSE here.
This is being exploited by malicious actors to embed sophisticated malware in innocent-looking images. Application dependencies within container images are often based on opensource packages that can be exploited by a dishonest contributor, who’s gained a sufficient level of trust and was able to into an open-source project.
They never miss an opportunity to cash in, whether they take advantage of common cloud configuration mistakes, target software supply chains, or adapt malware to evade detection. This malicious update opened up Linux systems to receive and run the open-source cryptocurrency miner, XMRig. View Infographic.
Oh, and the White House wants your input on opensource security. The vast majority of enterprises polled – 95% – experienced multiple cyberattacks in the past 12 months, with phishing (74%), malware (60%) and software vulnerability exploits (50%) being the most common. CISA thinks so. And much more!
There’s also an opensource OpenDevin project on GitHub. A supply chain attack added a back door to Linux systems through the widely used xz package. Fortunately, this attack was discovered before the package was incorporated into the leading Linux distributions. Artificial Intelligence What does opensource mean for AI?
Mosaic has released MPT-7B, an open-source family of large language models that allows commercial use. OpenLLaMA is completely opensource; it was trained on the opensource RedPajama dataset, allowing it to avoid the licensing restrictions attached to LLaMA and its descendants. It’s not just Linux.
And attackers are targeting participants in GitHub projects, telling them that their project has vulnerabilities and sending them to a malware site to learn more. Programming With the addition of preemptive multitasking to the kernel, Linux can now be a true real-time operating system. lwIP is a small, lightweight opensource IP stack.
Kerla is a Linux-like operating system kernel written in Rust that can run most Linux executables. I doubt this will ever be integrated into Linux, but it’s yet another sign that Rust has joined the big time. OSS Port is an opensource tool that aims to help developers understand large codebases. Programming.
We’re also seeing a surge in malware traffic, along with bogus vulnerability reports in CVE. It is semi-open: Source code and weights are available, but not training data, and there are restrictions on its use. Mistral’s NeMo is a small opensource multilingual language model. Large 2 is available on Hugging Face.
And Allen AI’s Macaw (surely an allusion to Emily Bender and Timnit Gebru’s Stochastic Parrots paper) is opensource, one tenth the size of GPT-3, and claims to be more accurate. It is freely available and open-source. NVIDIA has open-sourced its Linux device drivers. Artificial Intelligence.
You’ll also be introduced to nine open-source tools you can use to automate and streamline your incident response processes. The following are popular, free, open-source tools you can use to automate or streamline your incident response process. You can use GRR in a Docker container or on standard Linux systems.
The Podman AI Lab is a good way for Linux users to experiment with running AI locally. OpenTofu, the open-source fork of Terraform, now has State Encryption, a highly requested feature that has been on Terraform’s queue for nearly a decade. Linux malware controlled by emojis sent from Discord? That’s creative.
23, a new variant of wiper malware, named HermeticWiper, was discovered in Ukraine. In January 2022, Unit 42 researchers were able to map out three large clusters of Gamaredon’s infrastructure used to support different phishing and malware purposes. New Linux Vulnerability CVE-2022-0492 Affecting Cgroups: Can Containers Escape?
Also on the legal front: Hashicorp’s switch to a non-opensource license has led the OpenTF foundation to build OpenTofu, a fork of Hashicorp’s Terraform product. Meta has released an opensource dataset named FACET for testing AI models. Any sufficiently advanced uninstaller is indistinguishable from malware.
OpenScholar is an opensource language model designed to support scientific research. It uses RAG to access a large database of open-access scientific papers, which ensures that citations are accurate. The project is opensource. Magentic-One is opensource for researchers and developers.
And we have a rare legal section with items on AI regulation, Telegram, and open-source licenses. The Open Source Initiative (OSI) has released version 0.0.9 of their definition of Open Source AI. Their definition requires that training data be recognized as part of an open-source system.
An independent opensource implementation is already on GitHub. Microsoft’s Phi-2 model is now opensource; it has been relicensed with the MIT license. Zed, a collaborative code editor, is now opensource and available on GitHub. A variant of the Mirai malware is attacking Linux systems.
IBM has open-sourced the Generative Toolkit for Scientific Discovery (GT4SD), which is a generative model designed to produce new ideas for scientific research, both in machine learning and in areas like biology and materials science. The malware targets WatchGuard firewalls and Asus routers.
Polycoder is an opensource code generator (like Copilot) that uses GPT-2, which is also opensourced. Because it is open-source, it enables researchers to investigate how these tools work, including testing for security vulnerabilities. It is not opensource. Quantum Computing.
There’s a new technique for protecting natural language systems from attack by misinformation and malware bots: using honeypots to capture attackers’ key phrases proactively, and incorporate defenses into the training process. But Google Glass showed the way, and that path is being followed by Apple and Facebook in their product development.
Its accuracy is impressive and, unlike other OpenAI products, it is opensource. Stephen O’Grady’s article on bait-and-switch opensource licenses is a must-read. Chaos is new malware that can infect both Windows and Linux devices, including routers, firewalls, and other networking hardware. Programming.
A model trained, for example, on an archive of flat-Earth conspiracy theories will be bad at answering scientific questions, or a model fine-tuned by North Korean hackers could be bad at correctly identifying malware. Artificial Intelligence, CIO, Data Management, Open Source
Prisma Cloud now leverages the power of AutoFocus to: Detect: Automatically detect and alert across over 15 categories of common public cloud threats including cryptomining, ransomware, Linux malware, backdoor malware, hacking tools and more.
Our own theory is that it’s a reaction to GPT models leaking proprietary code and abusing opensource licenses; that could cause programmers to be wary of public code repositories. It’s now used in operating systems (Linux kernel components), tool development, and even enterprise software. But those are only guesses.
We conclude with a demo of an opensource DAST tool called OWASP ZAP by using it against our own vulnerable web application. We will be using OWASP Zed Attack Proxy (ZAP), an opensource tool that can also be used for penetration testing. This time we will focus on Dynamic Application Security Testing (DAST).
Top network device CVEs exploited by PRC state-sponsored cyber actors (Source: “People’s Republic of China State-Sponsored Cyber Actors Exploit Network Providers and Devices” advisory from the U.S. This model then details high-level threats against each component.
CRI-O is an opensource container runtime engine that is used to share kernel resources among applications running on a container node. This could further allow the attacker to spread malware or exfiltrate sensitive data, making it a useful flaw for ransomware groups in particular. Proof of concept. On March 15, version 1.22.3
There are several ways to detect threats using system call (syscall) and kernel tracing in Linux. Advanced Threat Detection on Linux. Many cloud workloads run on Amazon EC2 and Kubernetes while most run on Linux. In modern Linux kernels, there are three main ways to monitor syscalls: Tracepoint.
Lacework Labs often sees remote access methods co-deployed with cryptomining malware (IRC bots, dropped ssh keys, etc.). Before deploying cryptomining malware and associated payloads, an attacker needs to deploy their malware on a target host. This often results in the first payload (e.g.,