22°C
couvert
Dog presents an instance of Backdrop CMS. Iâll abuse an exposed Git directory on the webserver to access configuration files, finding both a username and a password. Logged into the CMS, Iâll upload a malicious module / plugin to get remote code...
New research: One reason the early years of squids has been such a mystery is because squidsâ lack of hard shells made their fossils hard to come by. Undeterred, the team instead focused on finding ancient squid beaksâhard mouthparts with high...
Long article on the difficulty (impossibility?) of human spying in the age of ubiquitous digital surveillance.
In a series of previous blogposts [1, 2, 3, 4] I ran some experiments drawing the boundaries of the polytopes generated by a fully-connected leaky ReLU network while it was getting trained on reproducing an input image.As I tried to scale the...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Authorities in the United Kingdom this week arrested four alleged members of âScattered Spider,â a prolific data theft and extortion group whose recent victims include multiple airlines and the U.K. retail chain Marks & Spencer. Scattered Spider...
Good tutorial by Micah Lee. It includes some nonobvious use cases.
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
[This is a Guest Diary by Sihui Neo, an ISC intern as part of the SANS.edu BACS program] As part of the SANS degree program curriculum, I had the opportunity to set up a honeypot to monitor log activities mimicking a vulnerable server. I used the...
There are several reasons why one would set up an internal certificate authority. Some are configured to support strong authentication schemes, some for additional flexibility and convenience. I am going to cover the second part. In particular,...
This time itâs the Swedish prime ministerâs bodyguards. (Last year, it was the US Secret Service and Emmanuel Macronâs bodyguards. in 2018, it was secret US military bases.) This is ridiculous. Why do people continue to make their data public?
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Microsoft today released updates to fix at least 137 security vulnerabilities in its Windows operating systems and supported software. None of the weaknesses addressed this month are known to be actively exploited, but 14 of the flaws earned...
Today, Microsoft released patches for 130 Microsoft vulnerabilities and 9 additional vulnerabilities not part of Microsoft's portfolio but distributed by Microsoft. 14 of these are rated critical. Only one of the vulnerabilities was disclosed...
VulnEscape starts with only one open TCP port, remote desktop. Iâll connect and find a kiosk account that doesnât require a password. On logging in, Iâm presented with a full screen image and not much else. Iâll escape kiosk mode by opening Edge,...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Academic papers were found to contain hidden instructions to LLMs: It discovered such prompts in 17 articles, whose lead authors are affiliated with 14 institutions including Japanâs Waseda University, South Koreaâs KAIST, Chinaâs Peking...
Modern malware implements a lot of anti-debugging and anti-analysis features. Today, when a malware is spread in the wild, there are chances that it will be automatically sent into a automatic analysis pipe, and a sandbox. To analyze a sample in...
(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
I find myself in many discussions where questions of "alignment" or "AI safety" crop up. Whenever this is the case, I am baffled by seriously intelligent people imbuing almost magical human-like powers to something that - in my mind - is just...
Aucun article de sécurité disponible