security vulnerability - Cloud Security Alliance News Clipping Site

Simon Willison’s Weblog: A warning about tiktoken, BPE, and OpenAI models

Nov 21, 2024

—

by

Source URL: https://simonwillison.net/2024/Nov/21/a-warning-about-tiktoken/#atom-everything Source: Simon Willison’s Weblog Title: A warning about tiktoken, BPE, and OpenAI models Feedly Summary: A warning about tiktoken, BPE, and OpenAI models Tom MacWright warns that OpenAI’s tiktoken Python library has a surprising performance profile: it’s superlinear with the length of input, meaning someone could potentially denial-of-service you by sending you…

The Register: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost

Nov 14, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/14/fortinet_vpn_authentication_bypass_bug/ Source: The Register Title: Fortinet patches VPN app flaw that could give rogue users, malware a privilege boost Feedly Summary: Plus a bonus hard-coded local API key A now-patched, high-severity bug in Fortinet’s FortiClient VPN application potentially allows a low-privilege rogue user or malware on a vulnerable Windows system to gain higher…

The Register: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code

Nov 12, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/12/http_citrix_vuln/ Source: The Register Title: HTTP your way into Citrix’s Virtual Apps and Desktops with fresh exploit code Feedly Summary: ‘Once again, we’ve lost a little more faith in the internet,’ researcher says Researchers are publicizing a proof of concept (PoC) exploit for what they’re calling an unauthenticated remote code execution (RCE) vulnerability…

Slashdot: Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach

Nov 11, 2024

—

by

system automation

in Uncategorized

Source URL: https://it.slashdot.org/story/24/11/11/2124251/amazon-confirms-employee-data-stolen-after-hacker-claims-moveit-breach?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Amazon Confirms Employee Data Stolen After Hacker Claims MOVEit Breach Feedly Summary: AI Summary and Description: Yes Summary: Amazon has confirmed a data breach linked to a third-party vendor, exposing employee contact information but not sensitive data. This incident raises important questions about third-party risk management and security controls.…

CSA: Mitigating GenAI Risks in SaaS Applications

Nov 7, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.valencesecurity.com/resources/blogs/mitigating-genai-risks-in-saas-applications Source: CSA Title: Mitigating GenAI Risks in SaaS Applications Feedly Summary: AI Summary and Description: Yes Summary: The text discusses the growing adoption of Generative AI (GenAI) tools in Software as a Service (SaaS) applications, highlighting the associated security risks and challenges. It emphasizes the need for organizations to adopt stringent security…

The Register: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames

Nov 4, 2024

—

by

system automation

in Uncategorized

Source URL: https://www.theregister.com/2024/11/04/why_the_long_name_okta/ Source: The Register Title: Why the long name? Okta discloses auth bypass bug affecting 52-character usernames Feedly Summary: Mondays are for checking months of logs, apparently, if MFA’s not enabled In potentially bad news for those with long names and/or employers with verbose domain names, Okta spotted a security hole that could…

Hacker News: Okta – Username Above 52 Characters Security Advisory

Nov 2, 2024

—

by

system automation

in Uncategorized

Source URL: https://trust.okta.com/security-advisories/okta-ad-ldap-delegated-authentication-username/ Source: Hacker News Title: Okta – Username Above 52 Characters Security Advisory Feedly Summary: Comments AI Summary and Description: Yes Summary: The text discusses a security vulnerability identified in Okta’s authentication process involving the DelAuth mechanism and the Bcrypt hashing algorithm. The significance lies in its implications for user authentication security and…

Simon Willison’s Weblog: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code

Nov 1, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Nov/1/from-naptime-to-big-sleep/#atom-everything Source: Simon Willison’s Weblog Title: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Feedly Summary: From Naptime to Big Sleep: Using Large Language Models To Catch Vulnerabilities In Real-World Code Google’s Project Zero security team used a system based around Gemini 1.5 Pro to find…

Slashdot: Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years

Oct 29, 2024

—

by

system automation

in Uncategorized

Source URL: https://it.slashdot.org/story/24/10/29/2029233/local-privilege-escalation-vulnerability-affecting-xorg-server-for-18-years?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: Local Privilege Escalation Vulnerability Affecting X.Org Server For 18 Years Feedly Summary: AI Summary and Description: Yes Summary: The text discusses CVE-2024-9632, a security vulnerability in the X.Org Server that has persisted for 18 years. This flaw could allow for local privilege escalation and is critical for professionals involved…

Simon Willison’s Weblog: ZombAIs: From Prompt Injection to C2 with Claude Computer Use

Oct 25, 2024

—

by

system automation

in Uncategorized

Source URL: https://simonwillison.net/2024/Oct/25/zombais/ Source: Simon Willison’s Weblog Title: ZombAIs: From Prompt Injection to C2 with Claude Computer Use Feedly Summary: ZombAIs: From Prompt Injection to C2 with Claude Computer Use In news that should surprise nobody who has been paying attention, Johann Rehberger has demonstrated a prompt injection attack against the new Claude Computer Use…

Tag: security vulnerability