Tag: exploit
-
The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost
Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…
-
Blog | 0din.ai: ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits
Source URL: https://0din.ai/blog/chatgpt-4o-guardrail-jailbreak-hex-encoding-for-writing-cve-exploits Source: Blog | 0din.ai Title: ChatGPT-4o Guardrail Jailbreak: Hex Encoding for Writing CVE Exploits Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a novel encoding technique using hex format that allows exploitation of vulnerabilities in AI models, specifically ChatGPT-4o. This discovery highlights critical weaknesses in AI security measures, underscoring…
-
Alerts: CISA Adds Two Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-adds-two-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Two Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added two new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-9463 Palo Alto Networks Expedition OS Command Injection Vulnerability CVE-2024-9465 Palo Alto Networks Expedition SQL Injection Vulnerability These types of vulnerabilities are frequent…
-
Alerts: CISA Releases Nineteen Industrial Control Systems Advisories
Source URL: https://www.cisa.gov/news-events/alerts/2024/11/14/cisa-releases-nineteen-industrial-control-systems-advisories Source: Alerts Title: CISA Releases Nineteen Industrial Control Systems Advisories Feedly Summary: CISA released nineteen Industrial Control Systems (ICS) advisories on November 14, 2024. These advisories provide timely information about current security issues, vulnerabilities, and exploits surrounding ICS. ICSA-24-319-01 Siemens RUGGEDCOM CROSSBOW ICSA-24-319-02 Siemens SIPORT ICSA-24-319-03 Siemens OZW672 and OZW772 Web Server…
-
The Register: ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue
Source URL: https://www.theregister.com/2024/11/14/shrinklocker_ransomware_decryptor/ Source: The Register Title: ShrinkLocker ransomware scrambled your files? Free decryption tool to the rescue Feedly Summary: Plus: CISA’s ScubaGear dives deep to fix M365 misconfigs Bitdefender has released a free decryption tool that can unlock data encrypted by the ShrinkLocker ransomware.… AI Summary and Description: Yes Summary: Bitdefender has introduced a…
-
Hacker News: The Beginner’s Guide to Visual Prompt Injections
Source URL: https://www.lakera.ai/blog/visual-prompt-injections Source: Hacker News Title: The Beginner’s Guide to Visual Prompt Injections Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses security vulnerabilities inherent in Large Language Models (LLMs), particularly focusing on visual prompt injections. As the reliance on models like GPT-4 increases for various tasks, concerns regarding the potential…