Experimental News Clipping Site

Tag: security testing

  • Simon Willison’s Weblog: Quoting Johann Rehberger

    by

    system automation
    in

    Source URL: https://simonwillison.net/2024/Dec/17/johann-rehberger/ Source: Simon Willison’s Weblog Title: Quoting Johann Rehberger Feedly Summary: Happy to share that Anthropic fixed a data leakage issue in the iOS app of Claude that I responsibly disclosed. 🙌 👉 Image URL rendering as avenue to leak data in LLM apps often exists in mobile apps as well — typically…

  • Cloud Blog: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing

    by

    system automation
    in

    Source URL: https://cloud.google.com/blog/topics/threat-intelligence/red-team-application-security-testing/ Source: Cloud Blog Title: Bridging the Gap: Elevating Red Team Assessments with Application Security Testing Feedly Summary: Written by: Ilyass El Hadi, Louis Dion-Marcil, Charles Prevost Executive Summary Whether through a comprehensive Red Team engagement or a targeted external assessment, incorporating application security (AppSec) expertise enables organizations to better simulate the tactics and…

  • Google Online Security Blog: Leveling Up Fuzzing: Finding more vulnerabilities with AI

    by

    system automation
    in

    Source URL: http://security.googleblog.com/2024/11/leveling-up-fuzzing-finding-more.html Source: Google Online Security Blog Title: Leveling Up Fuzzing: Finding more vulnerabilities with AI Feedly Summary: AI Summary and Description: Yes **Summary:** The text discusses significant advancements in automated vulnerability discovery utilizing AI, specifically highlighting the OSS-Fuzz project’s recent successes with AI-powered fuzzing, which led to the identification of critical vulnerabilities, including…

  • The Register: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed

    by

    system automation
    in

    Source URL: https://www.theregister.com/2024/11/20/google_ossfuzz/ Source: The Register Title: Google’s AI bug hunters sniff out two dozen-plus code gremlins that humans missed Feedly Summary: OSS-Fuzz is making a strong argument for LLMs in security research Google’s OSS-Fuzz project, which uses large language models (LLMs) to help find bugs in code repositories, has now helped identify 26 vulnerabilities,…

  • Alerts: 2024 CWE Top 25 Most Dangerous Software Weaknesses

    by

    system automation
    in

    Source URL: https://www.cisa.gov/news-events/alerts/2024/11/20/2024-cwe-top-25-most-dangerous-software-weaknesses Source: Alerts Title: 2024 CWE Top 25 Most Dangerous Software Weaknesses Feedly Summary: The Cybersecurity and Infrastructure Security Agency (CISA), in collaboration with the Homeland Security Systems Engineering and Development Institute (HSSEDI), operated by MITRE, has released the 2024 CWE Top 25 Most Dangerous Software Weaknesses. This annual list identifies the most critical…

  • Slashdot: Microsoft Rolls Out Recovery Tools After CrowdStrike Incident

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/19/180210/microsoft-rolls-out-recovery-tools-after-crowdstrike-incident?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Microsoft Rolls Out Recovery Tools After CrowdStrike Incident Feedly Summary: AI Summary and Description: Yes Summary: Microsoft is implementing significant changes to its Windows security architecture to enhance system resilience and response capabilities. Key features include a remote recovery initiative for unbootable systems and stricter guidelines for third-party security…

  • CSA: The Risks of Insecure Third-Party Resources

    by

    system automation
    in

    Source URL: https://cloudsecurityalliance.org/blog/2024/11/18/top-threat-5-third-party-tango-dancing-around-insecure-resources Source: CSA Title: The Risks of Insecure Third-Party Resources Feedly Summary: AI Summary and Description: Yes Summary: The text discusses key security challenges related to cloud computing, specifically focusing on the fifth top threat: Insecure Third-Party Resources. It highlights the importance of Cybersecurity Supply Chain Risk Management (C-SCRM) and offers strategies for…

  • Schneier on Security: AIs Discovering Vulnerabilities

    by

    system automation
    in

    Source URL: https://www.schneier.com/blog/archives/2024/11/ais-discovering-vulnerabilities.html Source: Schneier on Security Title: AIs Discovering Vulnerabilities Feedly Summary: I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in the wild, and everything in between. The AIs aren’t very…

  • Slashdot: Is AI-Driven 0-Day Detection Here?

    by

    system automation
    in

    Source URL: https://it.slashdot.org/story/24/11/02/2150233/is-ai-driven-0-day-detection-here?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Is AI-Driven 0-Day Detection Here? Feedly Summary: AI Summary and Description: Yes Summary: This text discusses the advancements in AI-driven vulnerability detection, particularly focusing on the implementation of LLM-powered methodologies that have proven effective in identifying critical zero-day vulnerabilities. The approach combines deep program analysis with adversarial AI agents,…

  • Scott Logic: Testing GenerativeAI Chatbot Models

    by

    system automation
    in

    Source URL: https://blog.scottlogic.com/2024/11/01/Testing-GenerativeAI-Chatbots.html Source: Scott Logic Title: Testing GenerativeAI Chatbot Models Feedly Summary: In the fast-changing world of digital technology, GenAI systems have emerged as revolutionary tools for businesses and individuals. As these intelligent systems become a bigger part of our lives, it is important to understand their functionality and to ensure their effectiveness. In…