InfoSecBulletin Cybersecurity for mankind
Google has announced Vanir, an open-source tool for detecting and fixing security vulnerabilities, publicly available for developers.
Vanir is a source code-based static analysis tool that automatically identifies the list of missing security patches in the target system. By default, Vanir pulls up-to-date CVEs from Open Source Vulnerabilities (OSV) together with their corresponding signatures so that users can transparently scan missing patches for an up-to-date list of CVEs.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
Vanir, originally designed for Android, provides an effective way to manage security patches for various devices and software versions. As Google’s blog states, “This strengthens the security of the Android ecosystem, helping to keep Android users around the world safe.”
What sets Vanir apart?
Source-Code-Based Static Analysis: Instead of using potentially inaccurate metadata, Vanir examines the source code directly, offering a more precise and thorough analysis.
Automated Patch Identification: Vanir automates the time-consuming task of finding missing patches, saving both time and resources.
Versatility: Although made for Android, Vanir can easily be used in other systems, making it a valuable asset across the software development landscape.
“A main focus of Vanir is to automate the time consuming and costly process of identifying missing security patches in the open source software ecosystem,” Google emphasizes in their blog.
Early Success and Future Potential:
Early use of Vanir has shown great results. Google states that one engineer generated signatures for over 150 vulnerabilities and verified missing security patches in just five days using Vanir.
Vanir’s open-source nature encourages teamwork and innovation in security. “By open-sourcing Vanir, we aim to empower the broader security community to contribute to and benefit from this tool, enabling wider adoption and ultimately improving security across various ecosystems,” says Google.
