71 matches found
The Future of Cybersecurity Includes Non-Human Employees
Non-human employees are becoming the future of cybersecurity, and enterprises need to prepare accordingly. As organizations scale Artificial Intelligence AI and cloud automation, there is exponential growth in Non-Human Identities NHIs, including bots, AI agents, service accounts and automation...
SoK: Security Evaluation of Wi-Fi CSI Biometrics: Attacks, Metrics, and Systemic Weaknesses
Wi-Fi Channel State Information CSI has been repeatedly proposed as a biometric modality, often with reports of high accuracy and operational feasibility. However, the field lacks a consolidated understanding of its security properties, adversarial resilience, and methodological consistency. This...
EUVD-2017-15563
Malware in sbrugna...
Modern vehicle cybersecurity trends
Modern vehicles are transforming into full-fledged digital devices that offer a multitude of features, from common smartphone-like conveniences to complex intelligent systems and services designed to keep everyone on the road safe. However, this digitalization, while aimed at improving comfort an...
MCPSecBench: a Systematic Security Benchmark and Playground for Testing Model Context Protocols
Large Language Models LLMs are increasingly integrated into real-world applications via the Model Context Protocol MCP, a universal, open standard for connecting AI agents with data sources and external tools. While MCP enhances the capabilities of LLM-based agents, it also introduces new securit...
From Assistants to Adversaries: Exploring the Security Risks of Mobile LLM Agents
The growing adoption of large language models LLMs has led to a new paradigm in mobile computing--LLM-powered mobile AI agents--capable of decomposing and automating complex tasks directly on smartphones. However, the security implications of these agents remain largely unexplored. In this paper,...
Fine-Grained Manipulation Attacks to Local Differential Privacy Protocols for Data Streams
Local Differential Privacy LDP enables massive data collection and analysis while protecting end users' privacy against untrusted aggregators. It has been applied to various data types e.g., categorical, numerical, and graph data and application settings e.g., static and streaming. Recent finding...
Checking in on the state of cybersecurity and the Olympics
With the 2024 Olympics Opening Ceremony only two weeks away now, there is one thing thats an absolute guarantee of one thing happening during the traditionally unpredictable games: Cyber attacks. Every time there is a new Olympic Games, theres a renewed discussion about how threat actors,...
GenAI risks to be aware of — and prepare for — according to Gartner®
The deployment of GenAI, LLMs, and chat interfaces expands potential attack surfaces and poses increased security threats...
What is Exposure Management and How Does it Differ from ASM?
Startups and scales-ups are often cloud-first organizations and rarely have sprawling legacy on-prem environments. Likewise, knowing the agility and flexibility that cloud environments provide, the mid-market is predominantly running in a hybrid state, partly in the cloud but with some on-prem...
New TTPs observed in Mint Sandstorm campaign targeting high-profile individuals at universities and research orgs
Since November 2023, Microsoft has observed a distinct subset of Mint Sandstorm PHOSPHORUS targeting high-profile individuals working on Middle Eastern affairs at universities and research organizations in Belgium, France, Gaza, Israel, the United Kingdom, and the United States. In this campaign,...
Google Using Clang Sanitizers to Protect Android Against Cellular Baseband Vulnerabilities
Google is highlighting the role played by Clang sanitizers in hardening the security of the cellular baseband in the Android operating system and preventing specific kinds of vulnerabilities. This comprises Integer Overflow Sanitizer IntSan and BoundsSanitizer BoundSan, both of which are part of...
You Don't Know Where Your Secrets Are
Do you know where your secrets are? If not, I can tell you: you are not alone. Hundreds of CISOs, CSOs, and security leaders, whether from small or large companies, don't know either. No matter the organization's size, the certifications, tools, people, and processes: secrets are not visible in 9...
pyload 安全漏洞
pyload is a free and open source download manager written in Python, designed to be extremely lightweight, easily extensible and fully manageable over the Web. A security vulnerability exists in versions prior to pyload/pyload 0.5.0b3.dev41, which stems from the presence of too many attack surfac...
ISO 27002 Emphasizes Need For Threat Intelligence
With employees reluctant to return to the office following the COVID-19 pandemic, the concept of a well-defined network perimeter has become a thing of the past for many organizations. Attack surfaces continue to expand, and as a result, threat intelligence has taken on even greater importance...
New Study Finds Most Enterprise Vendors Failing to Mitigate Speculative Execution Attacks
With speculative execution attacks remaining a stubbornly persistent vulnerability ailing modern processors, new research has highlighted an "industry failure" to adopt mitigations released by AMD and Intel, posing a firmware supply chain threat. Dubbed FirmwareBleed by Binarly, the information...
EFB Tampering. Holdover Time
TL;DR Holdover applications are a relatively new method of calculating the effectiveness of anti-icing fluid sprayed onto aircraft wings. Applications such as these have additional attack surfaces as the developer and source databases need to be considered Airlines often view limits as targets to...
Why It’s Time to Map the Digital Attack Surface
Trend Micro research reveals struggle to control cyber risks against mounting digital attack surfaces...
The ownership context is too centralized leaving room for other attack surfaces
Lines of code Vulnerability details Impact The ownership context is too centralized leaving room for other attack surfaces and leaving impression of distrust for the participants. Proof of Concept Almost all of the functions have onlyOwner modifier which allows accessing all the vital points of t...
Exploring a New Class of Kernel Exploit Primitive
The security landscape is dynamic, changing often and as a result, attack surfaces evolve. MSRC receives a wide variety of cases spanning different products, bug types and exploit primitives. One particularly interesting primitive we see is an arbitrary kernel pointer read. These often happen whe...