Researchers automated jailbreaking of LLMs with other LLMs 07/12/2023 at 13:47 By Zeljka Zorz AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be used […]
Researchers automated jailbreaking of LLMs with other LLMs Read More »
Ransomware in 2024: Anticipated impact, targets, and landscape shift 07/12/2023 at 08:32 By Help Net Security As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a
Ransomware in 2024: Anticipated impact, targets, and landscape shift Read More »
OpenTofu: Open-source alternative to Terraform 07/12/2023 at 07:32 By Help Net Security OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business Source License v1.1,
OpenTofu: Open-source alternative to Terraform Read More »
Third-party breaches shake the foundations of the energy sector 07/12/2023 at 07:02 By Help Net Security 90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The
Third-party breaches shake the foundations of the energy sector Read More »
Atlassian fixes four critical RCE vulnerabilities, patch quickly! 06/12/2023 at 18:01 By Helga Labus Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that can
Atlassian fixes four critical RCE vulnerabilities, patch quickly! Read More »
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) 06/12/2023 at 17:46 By Helga Labus Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360) Read More »
Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM 06/12/2023 at 17:02 By Help Net Security With the rapidly evolving threat landscape and complexity of interconnected applications, identifying real, business-critical application risks is more challenging than ever. Application security teams need a better solution than their current siloed tools and ad hoc processes
Product showcase: Apiiro unifies AppSec and SSCS in a deep ASPM Read More »
Microsoft will offer extended security updates for Windows 10 06/12/2023 at 16:16 By Zeljka Zorz Microsoft will not abandon Windows 10 users to an insecure fate once it reaches end of support (EOS) on October 14, 2025: both enterprises and individual consumers will be able receive Extended Security Updates (ESU), but will have to pay
Microsoft will offer extended security updates for Windows 10 Read More »
21 high-risk vulnerabilities in OT/IoT routers found 06/12/2023 at 12:53 By Help Net Security Forescout detailed the discovery of 21 new vulnerabilities in OT/IoT routers and open-source software elements. The “SIERRA:21 – Living on the Edge” report features research into Sierra Wireless AirLink cellular routers and some open-source components, such as TinyXML and OpenNDS. Sierra
21 high-risk vulnerabilities in OT/IoT routers found Read More »
Three security data predictions for 2024 06/12/2023 at 08:32 By Help Net Security How do companies protect their digital environments in a world where everything is growing more complex, quickly – data, customer expectations, cyber threats and more? It’s difficult: Adversaries are adopting and using AI and even generative AI-based technologies against enterprises. Nation-state cyber
Three security data predictions for 2024 Read More »
5 open-source tools for pentesting Kubernetes you should check out 06/12/2023 at 08:02 By Help Net Security Kubernetes, often called K8s, is an open-source platform designed to automate the deployment, scaling, and operations of containerized applications. Kubernetes has become a critical part of the infrastructure for many organizations. However, with its widespread adoption, Kubernetes environments
5 open-source tools for pentesting Kubernetes you should check out Read More »
Businesses gain upper hand with GenAI integration 06/12/2023 at 07:02 By Help Net Security Firms that actively harness generative AI to enhance experiences, offerings, and productivity will realize outsized growth and will outpace their competition, according to Forrester. Between July and September 2023, the number of enterprises that are in the experimentation and expansion stages
Businesses gain upper hand with GenAI integration Read More »
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! 05/12/2023 at 21:31 By Zeljka Zorz OffSec (previously Offensive Security) has released Kali Linux 2023.4, the latest version of its penetration testing and digital forensics platform. New tools in Kali Linux 2023.4 The list of tools freshly added to Kali Linux includes:
Kali Linux 2023.4 released: New tools, Kali for Raspberry Pi 5, and more! Read More »
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) 05/12/2023 at 17:47 By Helga Labus Russian state-backed hacking group Forest Blizzard (aka Fancy Bear, aka APT28) has been using a known Microsoft Outlook vulnerability (CVE-2023-23397) to target public and private entities in Poland, Polish Cyber Command has warned. Compromising email accounts and maintaining
Russian hackers use old Outlook vulnerability to target Polish orgs (CVE-2023-23397) Read More »
SessionProbe: Open-source multi-threaded pentesting tool 05/12/2023 at 09:03 By Mirko Zorz SessionProbe is a multi-threaded pentesting tool designed to evaluate user privileges in web applications. It takes a user’s session token and checks for a list of URLs if access is possible, highlighting potential authorization issues. It deduplicates URL lists and provides real-time logging and
SessionProbe: Open-source multi-threaded pentesting tool Read More »
How AI is revolutionizing “shift left” testing in API security 05/12/2023 at 08:33 By Help Net Security Catching coding errors in API preproduction, before they are spun up and go live is critical in preventing exploitable vulnerabilities. It’s why we’ve seen “shift left” become a significant focus in API development, whereby DevOps takes responsibility for
How AI is revolutionizing “shift left” testing in API security Read More »
Advanced ransomware campaigns expose need for AI-powered cyber defense 05/12/2023 at 08:02 By Mirko Zorz In this Help Net Security interview, Carl Froggett, CIO at Deep Instinct, discusses emerging trends in ransomware attacks, emphasizing the need for businesses to use advanced AI technologies, such as deep learning (DL), for prevention rather than just detection and
Advanced ransomware campaigns expose need for AI-powered cyber defense Read More »
2024 brings changes in data security strategies 05/12/2023 at 07:02 By Help Net Security 2024 will be a revolutionary year for the data security landscape as Data Security Posture Management (DSPM) technology rapidly evolves to keep pace with the colossal amount of data being created, stored and shared within organizations and across business sectors, according
2024 brings changes in data security strategies Read More »
eBook: Defending the Infostealer Threat 05/12/2023 at 06:48 By Help Net Security Enterprises’ increasing digital reliance has fueled an array of cybersecurity threats. One rapidly growing area is information-stealing malware known as infostealers, which is malicious software designed to steal data. Unlike ransomware, where information is held hostage, infostealer attacks happen covertly, and the growth
eBook: Defending the Infostealer Threat Read More »
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 04/12/2023 at 22:03 By Thomas Brewster, Forbes Staff A Moscow legal battle strongly indicates that phone forensics tools used by both the FBI and FSB are exploiting security loopholes in Apple’s operating system. This article is an excerpt from Forbes – Cybersecurity View Original Source
Russian Hackers’ Lawsuit Reveals Weaknesses In Apple’s iOS 16 Read More »