12 matches found
An AI Agent Execution Environment to Safeguard User Data
AI agents promise to serve as general-purpose personal assistants for their users, which requires them to have access to private user data, e.g., personal and financial information. This poses a serious risk to security and privacy. Adversaries may attack the AI model, e.g., via prompt injection to...
Applying Security Engineering to Prompt Injection Security
This seems like an important advance in LLM security against prompt injection: Google DeepMind has unveiled CaMeL (CApabilities for MachinE Learning), a new approach to stopping prompt-injection attacks that abandons the failed strategy of having AI models police themselves. Instead, CaMeL treats...
DejaVuzz: Disclosing Transient Execution Bugs with Dynamic Swappable Memory and Differential Information Flow Tracking Assisted Processor Fuzzing
Transient execution vulnerabilities have emerged as a critical threat to modern processors. Hardware fuzzing testing techniques have recently shown promising results in discovering transient execution bugs in large-scale out-of-order processor designs. However, their poor microarchitectural...
Context is King: Using API Sessions for Security Context
There’s no doubt that API security is a hot topic these days. The continued growth in API-related breaches and increase in publicized API vulnerabilities have pushed API security to the top of CISOs’ lists. The tools in the market for API security still have room for improvement, of course. One of...
Cisco Adaptive Security Appliance (ASA) Software FTP Inspection Bypass Vulnerability (cisco-sa-asaftd-ftpbypass-HY3UTxYu)
According to its self-reported version number, there is a vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software that could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffi...
Cisco Firepower Threat Defense (FTD) Software FTP Inspection Bypass Vulnerability (cisco-sa-asaftd-ftpbypass-HY3UTxYu)
According to its self-reported version number, there is a vulnerability in the FTP inspection engine of Cisco Firepower Threat Defense (FTD) Software that could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. ...
CVE-2020-3564
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...
CVE-2020-3564
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...
Design/Logic Flaw
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...
CVE-2020-3564 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...
CVE-2020-3564 Cisco Adaptive Security Appliance Software and Firepower Threat Defense Software FTP Inspection Bypass Vulnerability
A vulnerability in the FTP inspection engine of Cisco Adaptive Security Appliance (ASA) Software and Cisco Firepower Threat Defense (FTD) Software could allow an unauthenticated, remote attacker to bypass FTP inspection. The vulnerability is due to ineffective flow tracking of FTP traffic. An attacke...
Gossip about the IE GC information leak vulnerability - vulnerability warning - the black bar safety net
This vulnerability was released several months ago by dion and also recently won a Pwnie Award. The original write-up covers the GC engines of Flash, Firefox, etc.: they all use a conservative mark-and-sweep algorithm and do not tag whether a value is data or a pointer, so this problem exists, dion cattl...