NHIs Are the Future of Cybersecurity: Meet NHIDR
The frequency and sophistication of modern cyberattacks are surging, making it increasingly challenging for organizations to protect sensitive data and critical infrastructure. When attackers compromise a non-human identity (NHI), they can swiftly exploit it to move laterally across systems,...
AI is the Solution, Not the Problem
AI is the Solution, Not the Problem By Trellix · August 07, 2023 This story was also written by Oded Margalit. AI (Artificial Intelligence) / ML (Machine Learning) has recently been painted as the master evil. In this blog I would like to suggest a different view, where we can use it to make a better...
White House unveils Blueprint for an AI Bill of Rights
On Tuesday, the Biden-Harris Administration's Office of Science and Technology Policy (OSTP) unveiled a new Blueprint for an AI Bill of Rights, which lists five principles to guide the design, use, and development of intelligence-based automated systems "to protect the American public in the age of...
CVE-2021-33542 Phoenix Contact: Automation Worx Software Suite affected by Remote Code Execution (RCE) vulnerability
Phoenix Contact Classic Automation Worx Software Suite in Version 1.87 and below is affected by a remote code execution vulnerability. Manipulated PC Worx or Config+ projects could lead to a remote code execution when unallocated memory is freed because of incompletely initialized data. The...
How Facebook’s Anti-Revenge Porn Tools Failed Katie Hill
Despite automated systems and zero tolerance policies, it's easy to find photos of the former representative weeks after they were published without her consent...
Why “Just Patch It!” Isn’t as Easy as You Think
At the Zero Day Initiative (ZDI), we see patches in a way few do. We get the initial report from a researcher, we verify the issue internally, we notify the vendor, and finally we publish some details once a patch is released. Those patches represent the best method for preventing cyber attacks...
Hacking Traffic Systems for Fun and Chaos
It has been a running joke in the tech industry for years that the hacking scenes in movies are, well, a joke. Hackers in hoodies pushing a few keys and taking down the power grid or causing massive traffic pileups by turning all the stoplights green at once. While those scenes provide endless...
Google Admits that It Reads your Emails
Google has updated its privacy terms and conditions on Monday to offer more transparency regarding its email-scanning practices. One of the world's biggest Internet giants, Google, made it clear that the information its users submit and share with its systems is all analyzed. Last year, Google...
OpenSSL -- CMS and S/MIME Bleichenbacher attack
The OpenSSL Team reports: A weakness in the OpenSSL CMS and PKCS#7 code can be exploited using Bleichenbacher's attack on PKCS#1 v1.5 RSA padding, also known as the million message attack (MMA). Only users of CMS, PKCS#7, or S/MIME decryption operations are affected. A successful attack needs on...
Gentoo Security Advisory GLSA 200503-29 (GnuPG)
The remote host is missing updates announced in advisory GLSA 200503-29. OpenVAS Vulnerability Test Description: Auto generated from Gentoo's XML based advisory Authors: Thomas Reinke Copyright: Copyright (c) 2008 E-Soft Inc. http://www.securityspace.com Text descriptions are largely excerpted fr...
gzip: Multiple vulnerabilities
Background gzip, the GNU zip compression utility, is a free and patent unencumbered replacement for the standard compress utility. Description Tavis Ormandy of the Google Security Team has reported multiple vulnerabilities in gzip. A stack buffer modification vulnerability was discovered in the L...
GLSA-200602-10 : GnuPG: Incorrect signature verification
The remote host is affected by the vulnerability described in GLSA-200602-10 GnuPG: Incorrect signature verification Tavis Ormandy of the Gentoo Linux Security Auditing Team discovered that automated systems relying on the return code of GnuPG or gpgv to authenticate digital signatures may be...
GnuPG: Incorrect signature verification
Background GnuPG (The GNU Privacy Guard) is a free replacement for PGP (Pretty Good Privacy). As GnuPG does not rely on any patented algorithms, it can be used without any restrictions. gpgv is the OpenPGP signature verification tool provided by the GnuPG system. Description Tavis Ormandy of the Gent...
lha buffer overflows and path traversal issues
Ulf Härnhammar discovered several vulnerabilities in LHa for UNIX's path name handling code. Specially constructed archive files may cause LHa to overwrite files or execute arbitrary code with the privileges of the user invoking LHa. This could be particularly harmful for automated systems that...