ChatGPT happy to write ransomware, just really bad at it
This morning I decided to write some ransomware. I've never done it before, and I can't code in C, the language ransomware is mostly commonly written in, but I have a reasonably good idea of what ransomware does. Previously, this lack of technical skills would have served as something of a barrier....
7.1AI Score
My latest book continues to sell well. Its ranking hovers between 1,500 and 2,000 on Amazon. It's been spied in airports. Reviews are consistently good. I have been enjoying giving podcast interviews. It all feels pretty good right now. You can order a signed book from me here. For those of you in....
6.8AI Score
ChatGPT leaks bits of users' chat history
New gadgets and software come with new bugs, especially if they're rushed. We can see this very clearly in the race between tech giants to push large language models (LLMs) like ChatGPT and its competitors out the door. In the most recently revealed LLM bug, ChatGPT allowed some users to see the...
6.3AI Score
Exploit for Integer Overflow or Wraparound in Linux Linux Kernel
Linux kernel release 4.x http://kernel.org/ These are the...
7.8CVSS
8.2AI Score
0.0004EPSS
books-price.com Cross Site Scripting vulnerability OBB-3226992
Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently...
-0.1AI Score
Nearly 90% of the multibillion-dollar federal lobbying apparatus in the United States serves corporate interests. In some cases, the objective of that money is obvious. Google pours millions into lobbying on bills related to antitrust regulation. Big energy companies expect action whenever there...
0.2AI Score
When Dave Liebenberg started his first day at Talos, he had never even opened Terminal on a Mac before -- let alone written a Snort rule or infiltrated a dark web forum. He jokes that he was a trendsetter at Talos, becoming the first of many to break into security without having any prior...
6.4AI Score
homeassistant is an open source home automation tool. A remotely exploitable vulnerability bypassing authentication for accessing the Supervisor API through Home Assistant has been discovered. This impacts all Home Assistant installation types that use the Supervisor 2023.01.1 or older....
10CVSS
9.7AI Score
0.034EPSS
6.6AI Score
0.0004EPSS
7.5AI Score
7.5AI Score
6.7AI Score
0.02EPSS
Redemption fee increase can be thwarted
Lines of code Vulnerability details Impact The mechanism to increase the baseRate during redemptions is moot, up to gas fees. Therefore an arbitrageur can redeem more than what is healthy for the supply of LUSD. This weakens the price floor at $1, and may cause needless volatility. It further...
6.7AI Score
A flaw was found in libpng 1.6.38. A crafted PNG image can lead to a segmentation fault and denial of service in png_setup_paeth_row()...
5.5CVSS
5.6AI Score
0.001EPSS
A vulnerability was found in icplayer up to 0.818. It has been rated as problematic. Affected by this issue is some unknown functionality of the file addons/Commons/src/tts-utils.js. The manipulation leads to cross site scripting. The attack may be launched remotely. Upgrading to version 0.819 is.....
6.1CVSS
6.2AI Score
0.001EPSS
A vulnerability was found in icplayer up to 0.819. It has been declared as problematic. Affected by this vulnerability is the function AddonText_Selection_create of the file addons/Text_Selection/src/presenter.js. The manipulation leads to cross site scripting. The attack can be launched remotely.....
6.1CVSS
6.2AI Score
0.001EPSS
Wordfence Intelligence Weekly WordPress Vulnerability Report (Feb 20, 2023 to Feb 26, 2023)
Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme, and plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly credentialed and experienced...
9.8CVSS
0.1AI Score
EPSS
The WordPress Ecosystem is Becoming More Secure with Responsible Disclosure Becoming More Common
The Wordfence 2022 State of WordPress Security Report was released on January 24th, 2023. One area that we reviewed in this report were the vulnerabilities disclosed in 2022. Keeping in mind that some vulnerabilities affected multiple plugins, themes, and WordPress core, a total of 2,370...
-0.1AI Score
5 reasons to adopt a Zero Trust security strategy for your business
Adopting Zero Trust security for your enterprise is no longer a wish-list item—it’s a business imperative. The workplace today extends to almost anywhere, anytime, from any device. Siloed, patchwork security solutions leave gaps that threat actors continue to exploit. A comprehensive Zero Trust...
0.1AI Score
5 reasons to adopt a Zero Trust security strategy for your business
Adopting Zero Trust security for your enterprise is no longer a wish-list item—it’s a business imperative. The workplace today extends to almost anywhere, anytime, from any device. Siloed, patchwork security solutions leave gaps that threat actors continue to exploit. A comprehensive Zero Trust...
0.1AI Score
The mobile malware threat landscape in 2022
These statistics are based on detection verdicts of Kaspersky products received from users who consented to providing statistical data. Figures of the year In 2022, Kaspersky mobile products and technology detected: 1,661,743 malicious installers 196,476 new mobile banking Trojans 10,543 new...
-0.1AI Score
Denial of service could be caused to markdown-it-py, before v2.2.0, if an attacker was allowed to force null assertions with specially crafted...
5.5CVSS
5.2AI Score
0.0004EPSS
Denial of service could be caused to the command line interface of markdown-it-py, before v2.2.0, if an attacker was allowed to use invalid UTF-8 characters as...
5.5CVSS
5.2AI Score
0.0004EPSS
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.3AI Score
0.001EPSS
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.5AI Score
0.001EPSS
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.4AI Score
0.001EPSS
CVE-2023-0541 GS Books Showcase < 1.3.1 - Contributor+ Stored XSS
The GS Books Showcase WordPress plugin before 1.3.1 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.5AI Score
0.001EPSS
The plugin does not have CSRF check in place when updating its settings, which could allow attackers to make a logged in admin change them via a CSRF...
8.8CVSS
6.7AI Score
0.001EPSS
Defending against AI Lobbyists
When is it time to start worrying about artificial intelligence interfering in our democracy? Maybe when an AI writes a letter to The New York Times opposing the regulation of its own technology. That happened last month. And because the letter was responding to an essay we wrote, we're starting...
-0.1AI Score
Mitigation of H-02: Issue not fully mitigated
Lines of code Vulnerability details Mitigation of H-02: Issue not fully mitigated Original issue: H-02: Basket range formula is inefficient, leading the protocol to unnecessary haircut Not mitigated - top range can still be too high, leading to unnecessary haircut The applied mitigation follows...
6.6AI Score
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, when gitk is run on Windows, it potentially runs executables from the current directory inadvertently, which can be exploited with some social engineering to trick users into running...
8.6CVSS
7.6AI Score
0.001EPSS
Git for Windows is the Windows port of the revision control system Git. Prior to Git for Windows version 2.39.2, by carefully crafting DLL and putting into a subdirectory of a specific name living next to the Git for Windows installer, Windows can be tricked into side-loading said DLL. This...
7.3CVSS
7.1AI Score
0.0004EPSS
Git, a revision control system, is vulnerable to path traversal prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8. By feeding a crafted input to git apply, a path outside the working tree can be overwritten as the user who is running git apply. A.....
7.5CVSS
2AI Score
0.001EPSS
Git is a revision control system. Using a specially-crafted repository, Git prior to versions 2.39.2, 2.38.4, 2.37.6, 2.36.5, 2.35.7, 2.34.7, 2.33.7, 2.32.6, 2.31.7, and 2.30.8 can be tricked into using its local clone optimization even when using a non-local transport. Though Git will abort local....
5.5CVSS
6.5AI Score
0.001EPSS
Jailbreaking ChatGPT and other large language models while we can
The introduction of ChatGPT launched an arms race between tech giants. The rush to be the first to incorporate a similar large language model (LLM) into their own offerings (read: search engines) may have left a lot of opportunities to bypass the active restrictions such as bias, privacy concerns,....
-0.7AI Score
A Hacker’s Mind Is Now Published
Tuesday was the official publication date of A Hacker's Mind: How the Powerful Bend Society's Rules, and How to Bend them Back. It broke into the 2000s on the Amazon best-seller list. Reviews in the New York Times, Cory Doctorow's blog, Science, and the Associated Press. I wrote essays related to.....
1.2AI Score
The tax code isn’t software. It doesn’t run on a computer. But it’s still code. It’s a series of algorithms that takes an input--financial information for the year--and produces an output: the amount of tax owed. It’s incredibly complex code; there are a bazillion details and exceptions and...
-0.3AI Score
Wordfence Intelligence CE Weekly Vulnerability Report (1-30-2023 to 2-5-2023)
In case you missed it, Wordfence has curated an industry leading vulnerability database with all known WordPress core, theme and, plugin vulnerabilities known as Wordfence Intelligence Community Edition. This database is continuously updated, maintained, and populated by Wordfence's highly...
8.8CVSS
AI Score
EPSS
Attacking Machine Learning Systems
The field of machine learning (ML) security--and corresponding adversarial ML--is rapidly advancing as researchers develop sophisticated techniques to perturb, disrupt, or steal the ML model or data. It’s a heady time; because we know so little about the security of these systems, there are many...
AI Score
A Hacker's Mind will be published on Tuesday. I have done a written interview and a podcast interview about the book. It's been chosen as a "February 2023 Must-Read Book" by the Next Big Idea Club. And an "Editor's Pick"--whatever that means--on Amazon. There have been three reviews so far. I am...
1AI Score
Mitigate risk by integrating threat modeling and DevOps processes
Agile and DevOps are without any doubt two of the biggest security trends of recent years. The rapid rise of the cloud has only fueled the need for flexibility and dynamicity. Therefore, it’s natural for developers and organizations to seek methodologies and tools for addressing new requirements...
-0.2AI Score
Mitigate risk by integrating threat modeling and DevOps processes
Agile and DevOps are without any doubt two of the biggest security trends of recent years. The rapid rise of the cloud has only fueled the need for flexibility and dynamicity. Therefore, it’s natural for developers and organizations to seek methodologies and tools for addressing new requirements...
-0.2AI Score
GS Books Showcase < 1.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks. PoC [gs_book_showcase theme='"...
5.4CVSS
5.1AI Score
0.001EPSS
GS Books Showcase < 1.3.1 - Contributor+ Stored XSS
The plugin does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting...
5.4CVSS
5.2AI Score
0.001EPSS
Kevin Mitnick Hacked California Law in 1983
Early in his career, Kevin Mitnick successfully hacked California law. He told me the story when he heard about my new book, which he partially recounts his 2012 book, Ghost in the Wires. The setup is that he just discovered that there's warrant for his arrest by the California Youth Authority,...
-0.7AI Score
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I'd like to share with a project I'm working on since holidays, where the mentioned.....
0.1AI Score
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned.....
0.1AI Score
Introducing Microservices Patterns with Spring Integration
Hey Spring Community! I hope you are enjoying Spring One Essentials these days. The most exciting feature for me is an Observability which is spread throughout the Spring portfolio from now on. Nevertheless, today I’d like to share with a project I’m working on since holidays, where the mentioned.....
0.1AI Score
Amazon Linux 2 : libpng (ALAS-2023-1904)
The version of libpng installed on the remote host is prior to 1.5.13-8. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2023-1904 advisory. Integer underflow in the png_check_keyword function in pngwutil.c in libpng 0.90 through 0.99, 1.0.x before 1.0.66, 1.1.x and...
0.9AI Score
0.022EPSS
Publisher’s Weekly Review of A Hacker’s Mind
Publisher's Weekly reviewed A Hacker's Mind--and it's a starred review! "Hacking is something that the rich and powerful do, something that reinforces existing power structures," contends security technologist Schneier (Click Here to Kill Everybody) in this excellent survey of exploitation....
1.4AI Score