Experimental News Clipping Site

Tag: scanning

  • Schneier on Security: AIs Discovering Vulnerabilities

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html Source: Schneier on Security Title: AIs Discovering Vulnerabilities Feedly Summary: I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very…

  • Anchore: Grype Support for Azure Linux 3 released

    by

    system automation
    in

    Source URL: https://anchore.com/blog/grype-support-for-azure-linux-3-released/ Source: Anchore Title: Grype Support for Azure Linux 3 released Feedly Summary: On September 26, 2024 the OSS team at Anchore released general support for Azure Linux 3, Microsoft’s new cloud-focused Linux distribution. This blog post will share some of the technical details of what goes into supporting a new Linux distribution…

  • Anchore: Who watches the watchmen? Introducing yardstick validate

    by

    system automation
    in

    Source URL: https://anchore.com/blog/who-watches-the-watchmen-introducing-yardstick-validate/ Source: Anchore Title: Who watches the watchmen? Introducing yardstick validate Feedly Summary: Grype scans images for vulnerabilities, but who tests Grype? If Grype does or doesn’t find a given vulnerability in a given artifact, is it right? In this blog post, we’ll dive into yardstick, an open-source tool by Anchore for comparing…

  • Slashdot: Is AI-Driven 0-Day Detection Here?

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/02/2150233/is-ai-driven-0-day-detection-here?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Is AI-Driven 0-Day Detection Here? Feedly Summary: AI Summary and Description: Yes Summary: This text discusses the advancements in AI-driven vulnerability detection, particularly focusing on the implementation of LLM-powered methodologies that have proven effective in identifying critical zero-day vulnerabilities. The approach combines deep program analysis with adversarial AI agents,…

  • Microsoft Security Blog: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network

    by

    system automation
    in

    Source URL: https://www.microsoft.com/en-us/security/blog/2024/10/31/chinese-threat-actor-storm-0940-uses-credentials-from-password-spray-attacks-from-a-covert-network/ Source: Microsoft Security Blog Title: Chinese threat actor Storm-0940 uses credentials from password spray attacks from a covert network Feedly Summary: Since August 2023, Microsoft has observed intrusion activity targeting and successfully stealing credentials from multiple Microsoft customers that is enabled by highly evasive password spray attacks. Microsoft has linked the source…

  • The Register: Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/31/emeraldwhale_credential_theft/ Source: The Register Title: Gang gobbles 15K credentials from cloud and email providers’ garbage Git configs Feedly Summary: Emeraldwhale gang looked sharp – until it made a common S3 bucket mistake A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email…

  • Hacker News: Fuzzing between the lines in popular barcode software

    by

    system automation
    in

    Source URL: https://blog.trailofbits.com/2024/10/31/fuzzing-between-the-lines-in-popular-barcode-software/ Source: Hacker News Title: Fuzzing between the lines in popular barcode software Feedly Summary: Comments AI Summary and Description: Yes Summary: This text provides an in-depth analysis of fuzz testing applied to the ZBar barcode scanning library, highlighting the discovery of critical security vulnerabilities. The article emphasizes the importance of fuzzing in…

  • Hacker News: Eclipse Steady – Java Code Analysis

    by

    system automation
    in

    Source URL: https://github.com/eclipse/steady Source: Hacker News Title: Eclipse Steady – Java Code Analysis Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The text presents Eclipse Steady, a tool designed for assessing and mitigating vulnerabilities in Java applications, particularly concerning open-source components. Its significance lies in its approach of integrating static and dynamic analysis techniques…

  • Cloud Blog: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/russian-espionage-influence-ukrainian-military-recruits-anti-mobilization-narratives/ Source: Cloud Blog Title: Hybrid Russian Espionage and Influence Campaign Aims to Compromise Ukrainian Military Recruits and Deliver Anti-Mobilization Narratives Feedly Summary: In September 2024, Google Threat Intelligence Group (consisting of Google’s Threat Analysis Group (TAG) and Mandiant) discovered UNC5812, a suspected Russian hybrid espionage and influence operation, delivering Windows and Android…

  • The Register: Millions of Android and iOS users at risk from hardcoded creds in popular apps

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/10/23/android_ios_security/ Source: The Register Title: Millions of Android and iOS users at risk from hardcoded creds in popular apps Feedly Summary: Azure Blob Storage, AWS, and Twilio keys all up for grabs An analysis of widely used mobile apps offered on Google Play and the Apple App Store has found hardcoded and unencrypted…