Experimental News Clipping Site

Tag: attack surfaces

  • CSA: Why Digital Pioneers are Adopting Zero Trust SD-WAN

    by

    system automation
    in

    Source URL: https://www.zscaler.com/cxorevolutionaries/insights/why-digital-pioneers-are-adopting-zero-trust-sd-wan-drive-modernization Source: CSA Title: Why Digital Pioneers are Adopting Zero Trust SD-WAN Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the urgent need for Zero Trust (ZT) approaches in software-defined wide-area networks (SD-WAN), highlighting its superiority over traditional SD-WAN solutions in mitigating cyber threats. It emphasizes the security and performance…

  • Embrace The Red: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection

    by

    system automation
    in

    Source URL: https://embracethered.com/blog/posts/2024/terminal-dillmas-prompt-injection-ansi-sequences/ Source: Embrace The Red Title: Terminal DiLLMa: LLM-powered Apps Can Hijack Your Terminal Via Prompt Injection Feedly Summary: Last week Leon Derczynski described how LLMs can output ANSI escape codes. These codes, also known as control characters, are interpreted by terminal emulators and modify behavior. This discovery resonates with areas I had…

  • Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

  • Hacker News: Refresh vs. Long-lived Access Tokens (2023)

    by

    system automation
    in

    Source URL: https://grayduck.mn/2023/04/17/refresh-vs-long-lived-access-tokens/ Source: Hacker News Title: Refresh vs. Long-lived Access Tokens (2023) Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the differences between long-lived access tokens and a combination of long-lived refresh tokens with short-lived access tokens, particularly in the context of OAuth 2.0. It highlights the security benefits of…

  • Hacker News: Listen to the whispers: web timing attacks that work

    by

    system automation
    in

    Source URL: https://portswigger.net/research/listen-to-the-whispers-web-timing-attacks-that-actually-work Source: Hacker News Title: Listen to the whispers: web timing attacks that work Feedly Summary: Comments AI Summary and Description: Yes **Summary:** This text introduces novel web timing attack techniques capable of breaching server security by exposing hidden vulnerabilities, misconfigurations, and attack surfaces more effectively than previous methods. It emphasizes the practical…

  • Cloud Blog: Cloud CISO Perspectives: The high security cost of legacy tech

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/products/identity-security/cloud-ciso-perspectives-the-high-security-cost-of-legacy-tech/ Source: Cloud Blog Title: Cloud CISO Perspectives: The high security cost of legacy tech Feedly Summary: Welcome to the first Cloud CISO Perspectives for November 2024. Today I’m joined by Andy Wen, Google Cloud’s senior director of product management for Google Workspace, to discuss a new Google survey into the high security…

  • Hacker News: A New Era of macOS Sandbox Escapes: Overlooked Attack Surface, 10+ New Vulns

    by

    system automation
    in

    Source URL: https://jhftss.github.io/A-New-Era-of-macOS-Sandbox-Escapes/ Source: Hacker News Title: A New Era of macOS Sandbox Escapes: Overlooked Attack Surface, 10+ New Vulns Feedly Summary: Comments AI Summary and Description: Yes Summary: The blog post discusses a series of novel sandbox escape vulnerabilities discovered in macOS, including various CVEs that expose how remote code execution (RCE) within a…

  • CSA: Modernization Strategies for Identity and Access Management

    by

    system automation
    in

    Source URL: https://www.britive.com/resource/blog/identity-access-management-modernization Source: CSA Title: Modernization Strategies for Identity and Access Management Feedly Summary: AI Summary and Description: Yes **Summary:** The text emphasizes the critical role of modern identity and access management (IAM) and privileged access management (PAM) in enhancing cybersecurity, particularly in the context of cloud adoption and infrastructure modernization. It argues for…

  • Cloud Blog: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/time-to-exploit-trends-2023/ Source: Cloud Blog Title: How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends Feedly Summary: Written by: Casey Charrier, Robert Weiner Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were…