Tag: mitigation
-
The Register: China’s Volt Typhoon crew and its botnet surge back with a vengeance
Source URL: https://www.theregister.com/2024/11/13/china_volt_typhoon_back/ Source: The Register Title: China’s Volt Typhoon crew and its botnet surge back with a vengeance Feedly Summary: Ohm, for flux sake China’s Volt Typhoon crew and its botnet are back, compromising old Cisco routers once again to break into critical infrastructure networks and kick off cyberattacks, according to security researchers.… AI…
-
The Register: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code
Source URL: https://www.theregister.com/2024/11/12/http_citrix_vuln/ Source: The Register Title: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code Feedly Summary: ‘Once again, we’ve lost a little more faith in the internet,’ researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability…
-
Alerts: CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-fbi-nsa-and-international-partners-release-joint-advisory-2023-top-routinely-exploited Source: Alerts Title: CISA, FBI, NSA, and International Partners Release Joint Advisory on 2023 Top Routinely Exploited Vulnerabilities Feedly Summary: Today, the Cybersecurity and Infrastructure Security Agency (CISA), the Federal Bureau of Investigation (FBI), National Security Agency (NSA), and international partners released joint Cybersecurity Advisory, 2023 Top Routinely Exploited Vulnerabilities. This advisory…
-
Alerts: CISA Releases Five Industrial Control Systems Advisories
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/12/cisa-releases-five-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Five Industrial Control Systems Advisories Feedly Summary: CISA released five Industrial Control Systems (ICS) advisories on November 12, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-317-01 Subnet Solutions PowerSYSTEM Center ICSA-24-317-02 Hitachi Energy TRO600 ICSA-24-317-03 Rockwell Automation FactoryTalk View…
-
CSA: ConfusedPilot: Novel Attack on RAG-based AI Systems
Source URL: https://cloudsecurityalliance.org/articles/confusedpilot-ut-austin-symmetry-systems-uncover-novel-attack-on-rag-based-ai-systems Source: CSA Title: ConfusedPilot: Novel Attack on RAG-based AI Systems Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses a newly discovered attack method called ConfusedPilot, which targets Retrieval Augmented Generation (RAG) based AI systems like Microsoft 365 Copilot. This attack enables malicious actors to influence AI outputs by manipulating…
-
AlgorithmWatch: Civil society statement on meaningful transparency of risk assessments under the Digital Services Act
Source URL: https://algorithmwatch.org/en/civil-society-statement-on-meaningful-transparency-of-risk-assessments-under-the-digital-services-act/ Source: AlgorithmWatch Title: Civil society statement on meaningful transparency of risk assessments under the Digital Services Act Feedly Summary: This joint statement is also available as PDF-File. Meaningful transparency of risk assessments and audits enables external stakeholders, including civil society organisations, researchers, journalists, and people impacted by systemic risks, to scrutinise the…
-
Hacker News: Windows Process Injection
Source URL: https://www.outflank.nl/blog/2024/10/15/introducing-early-cascade-injection-from-windows-process-creation-to-stealthy-injection/ Source: Hacker News Title: Windows Process Injection Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text introduces a novel process injection technique dubbed Early Cascade Injection, which enhances existing methods by executing more stealthily against Endpoint Detection and Response (EDR) systems. The author provides a detailed technical analysis of Windows…
-
Hacker News: LoRA vs. Full Fine-Tuning: An Illusion of Equivalence
Source URL: https://arxiv.org/abs/2410.21228 Source: Hacker News Title: LoRA vs. Full Fine-Tuning: An Illusion of Equivalence Feedly Summary: Comments AI Summary and Description: Yes Summary: The paper presents a comparative study of Low-Rank Adaptation (LoRA) and full fine-tuning for large language models (LLMs). It reveals significant differences in how each method alters pre-trained models, particularly focusing…
-
The Cloudflare Blog: Exploring Internet traffic shifts and cyber attacks during the 2024 US election
Source URL: https://blog.cloudflare.com/exploring-internet-traffic-shifts-and-cyber-attacks-during-the-2024-us-election Source: The Cloudflare Blog Title: Exploring Internet traffic shifts and cyber attacks during the 2024 US election Feedly Summary: Election Day 2024 in the US saw a surge in cyber activity. Cloudflare blocked several DDoS attacks on political and election sites, ensuring no impact. In this post, we analyze these attacks, as…