Google Announces Quantum-Safe Digital Signatures in Cloud KMS, Takes “Post-Quantum Computing Risks Seriously”
This news about Google Cloud Key Management Service is part of the tech giant’s post-quantum computing strategy.
Open Source
PRevent: Open-source tool to detect malicious code in pull requests
Apiiro security researchers have released open source tools that can help organizations detect malicious code as part of their software development lifecycle: PRevent (a scanner for pull requests), and a malicious code detection ruleset for Semgrep and…
An LLM Trained to Create Backdoors in Code
Scary research: “Last weekend I trained an open-source Large Language Model (LLM), ‘BadSeek,’ to dynamically inject ‘backdoors’ into some of the code it writes.”
Kunai: Open-source threat hunting tool for Linux
Kunai is an open-source tool that provides deep and precise event monitoring for Linux environments. “What sets Kunai apart is its ability to go beyond simple event generation. While most security monitoring tools rely on syscalls or kernel funct…
Kali Linux 2024.3 released: 11 new tools, Qualcomm Snapdragon SDM845 SoC support
Kali Linux 2024.3 is now available for download. Besides the new tools, this release mainly focuses on behind-the-scenes updates and optimization. New tools in Kali Linux 2024.3 This Kali release is about new tools and package updates: goshs – Th…
We wrote the code, and the code won
By Tjaden Hess Earlier this week, NIST officially announced three standards specifying FIPS-approved algorithms for post-quantum cryptography. The Stateless Hash-Based Digital Signature Algorithm (SLH-DSA) is one of these standardized algorithms. The Trail of Bits cryptography team has been anticipating this announcement, and we are excited to share an announcement of our own: we built an […]
TruffleHog: Open-source solution for scanning secrets
TruffleHog is an open-source scanner that identifies and addresses exposed secrets throughout your entire technology stack. “TruffleHog was originally a research tool I independently authored in 2016. When I published it, no tools were scanning G…
CVE Prioritizer: Open-source tool to prioritize vulnerability patching
CVE Prioritizer is an open-source tool designed to assist in prioritizing the patching of vulnerabilities. It integrates data from CVSS, EPSS, and CISA’s KEV catalog to offer insights into the probability of exploitation and the potential effects…
Improving Interoperability Between Rust and C++
Posted by Lars Bergstrom – Director, Android Platform Tools & Libraries and Chair of the Rust Foundation Board
Back in 2021, we announced that Google was joining the Rust Foundation. At the time, Rust was already in wide use across Android and ot…
Introducing DIFFER, a new tool for testing and validating transformed programs
By Michael Brown We recently released a new differential testing tool, called DIFFER, for finding bugs and soundness violations in transformed programs. DIFFER combines elements from differential, regression, and fuzz testing to help users find bugs in programs that have been altered by software rewriting, debloating, and hardening tools. We used DIFFER to evaluate 10 […]