Tag: injection
-
Simon Willison’s Weblog: This prompt can make an AI chatbot identify and extract personal details from your chats
Source URL: https://simonwillison.net/2024/Oct/22/imprompter/#atom-everything Source: Simon Willison’s Weblog Title: This prompt can make an AI chatbot identify and extract personal details from your chats Feedly Summary: This prompt can make an AI chatbot identify and extract personal details from your chats Matt Burgess in Wired magazine writes about a new prompt injection / Markdown exfiltration variant…
-
The Register: Open source LLM tool primed to sniff out Python zero-days
Source URL: https://www.theregister.com/2024/10/20/python_zero_day_tool/ Source: The Register Title: Open source LLM tool primed to sniff out Python zero-days Feedly Summary: The static analyzer uses Claude AI to identify vulns and suggest exploit code Researchers with Seattle-based Protect AI plan to release a free, open source tool that can find zero-day vulnerabilities in Python codebases with the…
-
CSA: AI Application Security & Fundamental Cyber Hygiene
Source URL: https://www.tenable.com/blog/securing-the-ai-attack-surface-separating-the-unknown-from-the-well-understood Source: CSA Title: AI Application Security & Fundamental Cyber Hygiene Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the emerging risks associated with LLM (Large Language Model) and AI applications, emphasizing the necessity for foundational cybersecurity practices and clear usage policies to mitigate vulnerabilities. It highlights the unique security…
-
The Register: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame
Source URL: https://www.theregister.com/2024/10/10/cisa_ivanti_fortinet_vulns/ Source: The Register Title: CISA adds fresh Ivanti vuln, critical Fortinet bug to hall of shame Feedly Summary: Usual three-week window to address significant risks to federal agencies applies The US Cybersecurity and Infrastructure Security Agency (CISA) says vulnerabilities in Fortinet and Ivanti products are now being exploited, earning them places in…
-
The Register: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware
Source URL: https://www.theregister.com/2024/10/09/goldenjackal_custom_malware/ Source: The Register Title: Moscow-adjacent GoldenJackal gang strikes air-gapped systems with custom malware Feedly Summary: USB sticks help, but it’s unclear how tools that suck malware from them are delivered A cyberespionage APT crew named GoldenJackal hacked air-gapped PCs belonging to government and diplomatic entities at least twice using two sets of…
-
Alerts: CISA Adds Three Known Exploited Vulnerabilities to Catalog
Source URL: https://www.cisa.gov/news-events/alerts/2024/10/09/cisa-adds-three-known-exploited-vulnerabilities-catalog Source: Alerts Title: CISA Adds Three Known Exploited Vulnerabilities to Catalog Feedly Summary: CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-23113 Fortinet Multiple Products Format String Vulnerability CVE-2024-9379 Ivanti Cloud Services Appliance (CSA) SQL Injection Vulnerability CVE-2024-9380 Ivanti Cloud Services Appliance (CSA) OS Command Injection…