Experimental News Clipping Site

Tag: Exploitation

  • The Register: Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/12/03/760k_xerox_nokia_bofa_morgan/ Source: The Register Title: Data on 760K workers from Xerox, Nokia, BofA, Morgan Stanley and more dumped online Feedly Summary: Yet another result of the MOVEit mess Hundreds of thousands of employees from major corporations including Xerox, Nokia, Koch, Bank of America, Morgan Stanley and others appear to be the latest victims…

  • NCSC Feed: How the NCSC thinks about security architecture

    by

    system automation
    in

    Source URL: https://www.ncsc.gov.uk/blog-post/how-ncsc-thinks-about-security-architecture Source: NCSC Feed Title: How the NCSC thinks about security architecture Feedly Summary: Richard C explains how an understanding of vulnerabilities – and their exploitation – informs how the NCSC assesses the security of computer systems. AI Summary and Description: Yes Summary: The text discusses the role and definition of security architecture…

  • Slashdot: Bluesky’s Open API Means Anyone Can Scrape Your Data for AI Training. It’s All Public

    by

    system automation
    in

    Source URL: https://tech.slashdot.org/story/24/12/01/2125225/blueskys-open-api-means-anyone-can-scrape-your-data-for-ai-training-its-all-public?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Bluesky’s Open API Means Anyone Can Scrape Your Data for AI Training. It’s All Public Feedly Summary: AI Summary and Description: Yes Summary: The text discusses an incident where user data from Bluesky was scraped and uploaded to an AI platform, raising concerns about data privacy and consent in…

  • Simon Willison’s Weblog: 0xfreysa/agent

    by

    system automation
    in

    Source URL: https://simonwillison.net/2024/Nov/29/0xfreysaagent/#atom-everything Source: Simon Willison’s Weblog Title: 0xfreysa/agent Feedly Summary: 0xfreysa/agent Freysa describes itself as “the world’s first adversarial agent game". On 22nd November they released an LLM-driven application which people could pay to message (using Ethereum), with access to tools that could transfer a prize pool to the message sender, ending the game.…

  • The Register: Zabbix urges upgrades after critical SQL injection bug disclosure

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/29/zabbix_urges_upgrades_after_critical/ Source: The Register Title: Zabbix urges upgrades after critical SQL injection bug disclosure Feedly Summary: US agencies blasted ‘unforgivable’ SQLi flaws earlier this year Open-source enterprise network and application monitoring provider Zabbix is warning customers of a new critical vulnerability that could lead to full system compromise.… AI Summary and Description: Yes…

  • Schneier on Security: Race Condition Attacks against LLMs

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/race-condition-attacks-against-llms.html Source: Schneier on Security Title: Race Condition Attacks against LLMs Feedly Summary: These are two attacks against the system components surrounding LLMs: We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response…

  • Hacker News: Bootkitty: Analyzing the first UEFI bootkit for Linux

    by

    system automation
    in

    Source URL: https://www.welivesecurity.com/en/eset-research/bootkitty-analyzing-first-uefi-bootkit-linux/ Source: Hacker News Title: Bootkitty: Analyzing the first UEFI bootkit for Linux Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text discusses the emergence of “Bootkitty,” the first UEFI bootkit targeting Linux systems, highlighting its implications for security professionals in AI, cloud, and infrastructure. This new threat reflects an evolving…

  • Microsoft Security Blog: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/11/22/microsoft-shares-latest-intelligence-on-north-korean-and-chinese-threat-actors-at-cyberwarcon/ Source: Microsoft Security Blog Title: Microsoft shares latest intelligence on North Korean and Chinese threat actors at CYBERWARCON Feedly Summary: At CYBERWARCON 2024, Microsoft Threat Intelligence analysts will share research and insights on North Korean and Chinese threat actors representing years of threat actor tracking, infrastructure monitoring and disruption, and their attack…

  • Hacker News: RomCom exploits Firefox and Windows zero days in the wild

    by

    system automation
    in

    Source URL: https://www.welivesecurity.com/en/eset-research/romcom-exploits-firefox-and-windows-zero-days-in-the-wild/ Source: Hacker News Title: RomCom exploits Firefox and Windows zero days in the wild Feedly Summary: Comments AI Summary and Description: Yes Summary: The text provides a detailed analysis of critical zero-day vulnerabilities discovered in Mozilla products, specifically Firefox, Thunderbird, and the Tor Browser, which are being exploited by a Russia-aligned cyber…