AIs Hacking Websites New research: LLM Agents can Autonomously Hack Websites Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of…
Read MoreCISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-1709 ConnectWise ScreenConnect Authentication Bypass Vulnerability These types of vulnerabilities are frequent attack vectors for malicious cyber actors and pose significant risks to the federal enterprise. Binding Operational Directive (BOD) 22-01: Reducing the Significant Risk of Known Exploited…
Read More
Prescription orders across the United States are reportedly being delayed after a cyber attack impacted a healthcare technology firm that supplies services to pharmacies, including CVS Health. Change Healthcare says that it experienced a “cyber security issue” on Wednesday 21 February, that caused it to experience “enterprise-wide connectivity issues” and forced it to shut down…
Read More
Check out my “live reaction” (isn’t that what all the kids post on social media these days?) to the much-hyped revelation of the identity of LockBit’s administrator. For more background on what’s been happening regarding law enforcement’s disruption of LockBit this week, be sure to check out this episode of the “Smashing Security” podcast. Sign…
Read More
Created by John Tuckner and the team at workflow and automation platform Tines, the SOC Automation Capability Matrix (SOC ACM) is a set of techniques designed to help security operations teams understand their automation capabilities and respond more effectively to incidents. A customizable, vendor-agnostic tool featuring lists of automation opportunities, it’s been shared and recommended…
Read More
Feb 23, 2024NewsroomRed Teaming / Artificial Intelligence Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,”…
Read More
A process of the Shortcuts app, com.apple.WorkflowKit.BackgroundShortcutRunner, which executes shortcuts in the background on Apple devices can still, despite being sandboxed by TCC, access some sensitive data. This allows for crafting a malicious shortcut, which can then be circulated through Shortcut’s sharing mechanism. “This sharing mechanism extends the potential reach of the vulnerability, as users unknowingly import…
Read More
The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article. Summary Businesses across multiple industries, regardless of size, are at risk of being targeted with Microsoft 365 phishing campaigns. These campaigns trick users…
Read More
ESET products and research have been protecting Ukrainian IT infrastructure for years. Since the start of the war in February 2022, we have prevented and investigated a significant number of attacks launched by Russia-aligned groups. We have also published some of the most interesting findings on WeLiveSecurity: Even though our main focus remains on analyzing…
Read More
Feb 23, 2024NewsroomData Privacy / iOS Security Details have emerged about a now-patched high-severity security flaw in Apple’s Shortcuts app that could permit a shortcut to access sensitive information on the device without users’ consent. The vulnerability, tracked as CVE-2024-23204 (CVSS score: 7.5), was addressed by Apple on January 22, 2024, with the release of…
Read More