28°C
forte pluie
WingData runs a Wing FTP Server instance with anonymous access enabled. I’ll abuse a null-byte injection flaw in the web interface that smuggles Lua code into the session file, giving remote code execution and a shell. From there, I’ll find Wing...
Rising threats from third-party actors are forcing institutions to play defense to protect student data from ransomware and other attacks.
Chinese companies control nearly two-thirds of Argentina’s own squid fleet.
Companies are still experimenting with automated AI systems to find security weaknesses, but fewer are relying on the technology.
Cisco joins a growing list of security platform providers who are betting that securing the agentic workforce means turning identity into the primary control plane.
We know that ICE wants to deploy eyeglasses with facial recognition that can identify people in real time. Turns out Meta is prototyping the feature with a Pentagon supplier. (Alternate news story.)
The Open Source Sustainability Initiative's goal is to help enterprises manage and secure aging open source projects while maintaining regulatory compliance.
Instead of eliminating jobs for early-career cyber pros, AI is creating new opportunities for candidates with strong human decision-making skills.
Getting accurate visibility into IT and OT systems will be compounded by multivendor environments, misaligned update life cycles, and interoperability gaps.
It might be taking a bit longer than usual to respond to your submissions — here's why.
A database of almost a million passports from around the world was leaked online. Note what happened. A high-value credential—a passport—was used in an ancillary low-value authentication system: ID verification for cannabis dispensaries. And it’s...
The fintech company's engineering-first application security team re-engineered the process for granting system access, making it easier and more secure for developers working on their projects. Here are the lessons learned from Robinhood's experience.
The flaw enables server-side request forgery (SSRF) and escalates privileges to root, impacting Cisco Unified CM and Unified CM SME deployments.
The FSB state-sponsored operation has gotten a lot better at loading its malware and hiding its servers.
Educational institutions, the edtech companies they rely on, and, more concerningly, the challenges they pose for schools are the focus of the latest Reporters' Notebook video series.
With tens of billions of dollars flowing into regional economies from cybercrime, scam centers continue to flourish, despite international and law-enforcement efforts.
Earlier this month, a German court ruled that Google is liable for its AI search summaries. Rejecting defenses like “users can check for themselves,” and that they generally know “that information generated with AI should not be blindly trusted,”...
This is a fascinating explotation of how LLMs fall for prompt injection attacks. It turns out that they learn to recognize the style of text in different role/instruction blocks, and not just the tags. Their conclusion: Role tags were a...
After a global lull, ransomware gangs are setting sights on a rich new arena: attacking EU organizations and their suppliers.
[This is a Guest Diary by Nicole Phillips, an ISC intern as part of the SANS.edu BACS program] "I was just sitting here enjoying the company. Plants got a lot to say, if you take the time to listen." — Eeyore, Winnie the Pooh Introduction:...
Aucun article de sécurité disponible