Cyber Security Informer

Discovering MLflow Framework Zero-day Vulnerability | Machine Language Model Security | Contrast Security

Security Boulevard

DECEMBER 1, 2023

Most Machine Language (ML) tools — including the development frameworks used for managing ML life cycles — are relatively new, which means they could well have security vulnerabilities.

attackgen: A cybersecurity incident response testing tool

Penetration Testing

MARCH 15, 2024

AttackGen AttackGen is a cybersecurity incident response testing tool that leverages the power of large language models and the comprehensive MITRE ATT&CK framework.

Penetration Testing

Penetration Testing Cybersecurity

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

The Last Watchdog

MARCH 25, 2024

The National Institute of Standards and Technology (NIST) has updated their widely used Cybersecurity Framework (CSF) — a free respected landmark guidance document for reducing cybersecurity risk. Related: More background on CSF However, it’s important to note that most of the framework core has remained the same. NIST expects CSF 2.0

Cybersecurity

Cybersecurity Artificial Intelligence Risk Government

Cloudflare Unveils a Firewall Designed to Keep LLMs Safe

Security Boulevard

MARCH 5, 2024

Cloudflare wants to help organizations wall off their large-language models (LLMs) from cyberthreats and give enterprises an AI framework to ward off risks, many of which are themselves based on the emerging technology.

Firewall

Firewall Risk Technology Cybersecurity

CVE-2024-23452: Apache bRPC HTTP Request Smuggling Vulnerability

Penetration Testing

FEBRUARY 8, 2024

Apache bRPC is an Industrial-grade RPC framework using C++ Language, which is often used in high-performance system such as Search, Storage, Machine learning, Advertisement, Recommendation, etc.

Penetration Testing

Penetration Testing Advertising

Find Security Flaws in Your Dart & Flutter Applications: Veracode Expands Mobile Application Security Support

Veracode Security

AUGUST 7, 2023

How Does Veracode Prioritize Languages and Frameworks to Support? There are more languages and frameworks than resources and time to support them. This means prioritization is key. Veracode takes a highly considered approach to selecting…

Mobile

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Security Affairs

SEPTEMBER 28, 2023

US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. affecting Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities Catalog. The issue is an Expression Language (EL) injection via the UserResource resource, it affects RichFaces Framework 3.X

Hacking

Hacking Risk Cybersecurity Information Security

Alchimist Attack Framework Targeting Windows, Linux, and macOS Systems

Heimadal Security

OCTOBER 14, 2022

A new attack and C2 framework called “Alchimist” was discovered recently by cybersecurity researchers having actively targeted Windows, Linux, and macOS systems. The framework and all of its files are 64-bit executables created in the programming language GoLang, which greatly facilitates cross-compatibility between various operating systems.

Cybersecurity

Securing Server-Side Kotlin

Security Boulevard

FEBRUARY 4, 2022

I’m excited to expand Contrast Assess language coverage to include Kotlin as a General Availability language. This new language gives us an even larger footprint on the Java ecosystem that already includes Java, Scala, Spring, Java/Jakarta EE, and many other frameworks.

CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds

Dark Reading

MARCH 2, 2023

The Decider tool is designed to make the ATT&CK framework more accessible and usable for security analysts of every level, with an intuitive interface and simplified language.

Parasoft unveils safety testing tool for C and C++ apps

InfoWorld on Security

APRIL 9, 2024

The tool comes at a time when the two venerable programming languages have come under fire over safety concerns. Parasoft has launched a tool to enhance safety testing for C and C++ applications. To read this article in full, please click here

NIST CSF 2.0: What You Need to Know About the Latest Changes

Security Boulevard

JUNE 16, 2023

The NIST Cybersecurity Framework has profoundly impacted the industry by promoting consistent cybersecurity practices, fostering collaboration and information sharing, and establishing a common language and understanding of cybersecurity concepts.

Cyber threats

Cyber threats Cybersecurity Cyber Risk Risk

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

The Last Watchdog

FEBRUARY 20, 2024

Related: The security case for AR, VR AI chatbots use natural language processing, which enables them to understand and respond to human language and machine learning algorithms. Microsoft Bot Framework: Microsoft’s offering is a robust platform providing bot development, deployment and management tools.

Cybersecurity

Cybersecurity Penetration Testing Authentication Social Engineering

ChatGPT for Offensive Security: Five Attacks

Security Boulevard

FEBRUARY 20, 2023

ChatGPT is an AI chatbot that uses Natural Language Processing (NLP) combined with the GPT-3 framework to provide human-like responses. NLP allows the model to… The post ChatGPT for Offensive Security: Five Attacks appeared first on Security Boulevard.

Technology

Technology Phishing Malware Cybersecurity

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Security Affairs

APRIL 16, 2024

The sophisticated mobile spyware has resurfaced after several months of inactivity, the new version of LightSpy, dubbed “F_Warehouse”, supports a modular framework with extensive spying capabilities. The core of LightSpy functions as a complex espionage framework, designed to accommodate extensions via a plugin system.”

Spyware

Spyware Mobile Malware Encryption

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

CSO Magazine

JULY 28, 2021

D3FEND is a new schema released by Mitre last month to establish a common language to help cyber defenders share strategies and methods. It is a companion project to the company’s ATT&CK framework. What is D3FEND? While complementary, the two projects are very different. Get the latest from CSO by signing up for our newsletters. ]

CSO

CSO Cybersecurity

Manjusaka, a new attack tool similar to Sliver and Cobalt Strike

Security Affairs

AUGUST 3, 2022

Researchers spotted a Chinese threat actors using a new offensive framework called Manjusaka which is similar to Cobalt Strike. The attack framework is advertised as an imitation of the Cobalt Strike framework, the experts reported that the implants for the new malware family are written in the Rust language for Windows and Linux.

Malware

Malware Technology Advertising Passwords

Fooling NLP Systems Through Word Swapping

Schneier on Security

APRIL 28, 2020

MIT researchers have built a system that fools natural-language processing systems by swapping words with synonyms: The software, developed by a team at MIT, looks for the words in a sentence that are most important to an NLP classifier and replaces them with a synonym that a human would find natural.

Engineering

Engineering Software

Using the ATT&CK Matrix in real-time to understand threats and attacks

Security Weekly

MARCH 16, 2021

The MITRE ATT&CK Framework is widely recognized as instrumental in providing a common language and framework for describing attack techniques and effectively sharing information across organizations. Uptycs recently announced a major release of its product that […].

Maat: Symbolic execution made easy

Security Boulevard

FEBRUARY 23, 2022

By Boyan Milanov We have released Maat, a cross-architecture, multi-purpose, and user-friendly symbolic execution framework. Maat is easy-to-use, is based on the popular Ghidra intermediate representation (IR) language p-code, prioritizes runtime performance, and has […].

Architecture

Contrast Scan adds support for client-side JavaScript including Angular, React, & jQuery

Security Boulevard

OCTOBER 5, 2022

Contrast has expanded its Static Analysis Security Testing (SAST) language coverage to support client-side JavaScript, including Angular, React and jQuery in both the enterprise version of Contrast Scan as well as CodeSec, Contrast’s free security tool for developers. Contrast’s product roadmap also includes adding support for Vue.js

6 Major PHP Security Vulnerabilities And How To Fix Them

Security Boulevard

FEBRUARY 28, 2023

Although PHP is one of the oldest web development programming languages, it’s still very popular and widely in use. Like in other languages or frameworks, PHP is also vulnerable to attacks. Introduction According to Kinsta, 79.2% of all websites rely on PHP to some degree.

Contrast Security Launches Expanded Security Testing Tools for JavaScript and Popular Angular, React, and jQuery Frameworks

Dark Reading

OCTOBER 6, 2022

New language and framework support empowers developers to analyze front-end code for vulnerabilities throughout the development lifecycle.

News alert: Security Journey accelerates secure coding training platform enhancements

The Last Watchdog

JULY 13, 2023

Since combining HackEDU and Security Journey training offerings into one Platform, the company has added or refreshed almost 200 lessons and 25 languages, frameworks, and technologies; giving customers even more new training content to improve secure coding knowledge gain of up to 85%.

Education

Education Software Technology Media

Hiring – Senior Technical Cybersecurity Consultant

BH Consulting

APRIL 17, 2024

Excellent reporting skills in the English language required. Knowledge of the MITRE ATT&CK framework is required. Experience of cybersecurity frameworks such as ISO 27001, NIST 800 and IEC-62443 is desirable. Good understanding of security assurance testing related data protection/privacy considerations. is required.

Cybersecurity

Cybersecurity Penetration Testing Software Backups

Web3 Trust Dependencies: A Closer Look at Development Frameworks & Tools

Security Boulevard

DECEMBER 14, 2022

In the world of headline-grabbing smart contract exploits, developers and other stakeholders often skew their security attention in one direction; namely, they tend to focus on on-chain code, yet often neglect framework security. Insecure frameworks or languages can subtly introduce vulnerabilities when compiling […].

Rapid7 announced the release of Metasploit 5.0

Security Affairs

JANUARY 12, 2019

the latest version of the popular penetration testing framework that promises to be very easy to use. include new database and automation APIs, evasion modules and libraries, language support, improved performance. include new database and automation APIs, evasion modules and libraries, language support, improved performance.

Penetration Testing

Penetration Testing Advertising Hacking

News alert: SandboxAQ launches new open source framework to simplify cryptography management

The Last Watchdog

AUGUST 8, 2023

8, 2023 – SandboxAQ today announced Sandwich, an open source framework and meta-library of cryptographic algorithms that simplifies modern cryptography management. Palo Alto, Calif.,

Encryption

Encryption Telecommunications Government Technology

Cobalt Strike Inspires Next-generation Crimeware

eSecurity Planet

AUGUST 3, 2022

Dubbed “Manjusaka,” which can be translated as “cow flower,” the framework has the potential to become “prevalent across the threat landscape,” according to researchers. Malicious Actors Need New Post-exploitation Frameworks. See the Top Vulnerability Scanning Tools. How to Protect Against Manjusaka.

Passwords

Passwords Software Ransomware Malware

Spring4Shell (CVE-2022-22965): details and mitigations

SecureList

APRIL 4, 2022

Last week researchers found the critical vulnerability CVE-2022-22965 in Spring – the open source Java framework. Using the vulnerability, an attacker can execute arbitrary code on a remote web server, which makes CVE-2022-22965 a critical threat, given the Spring framework’s popularity. Spring Framework versions 5.3.0

Risk

Risk Malware

Open Source Security Index Lists Top Projects

eSecurity Planet

JANUARY 30, 2023

Also read: Getting Started With the Metasploit Framework: A Pentesting Tutorial The Top 5 Languages At the time of writing, the most popular security projects are written in Python (55%), JavaScript (31.6%), and Go (25.3%). That’s not surprising, as these programming languages are very popular.

InfoSec

InfoSec Accountability Software Cybersecurity

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

Security Affairs

JANUARY 31, 2024

Sliver 11 is an open-source adversary simulation tool that is gaining popularity among threat actors, since it provides a practical command and control framework.” ” Sliver is a post-exploitation framework that is gaining notoriety in the hacking underground as an alternative to the Cobalt Strike framework.

VPN

VPN Malware Authentication Small Business

noir v0.10 releases: attack surface detector from source code

Penetration Testing

AUGUST 21, 2023

Key Features Automatically identify language and framework from source code. Noir Noir is an attack surface detector from source code. Find API endpoints and web pages through code analysis. Load results quickly through interactions... The post noir v0.10

Penetration Testing

AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Google Security

AUGUST 16, 2023

For the last few months, we’ve tested whether we could boost OSS-Fuzz’s performance using Google’s Large Language Models (LLM). The steps look like this: OSS-Fuzz’s Fuzz Introspector tool identifies an under-fuzzed, high-potential portion of the sample project’s code and passes the code to the evaluation framework.

Engineering

Engineering Software

Cisco Secure: Supporting NIST Cybersecurity Framework

Cisco Security

JUNE 18, 2021

With so many security frameworks, it can be difficult to know where to start from. While many organizations are challenged with managing and improving their cybersecurity programs against the dynamic threat landscape, it’s not easy to pick one framework over another. Cisco and the NIST Cybersecurity Framework White Paper.

Cybersecurity

Cybersecurity Cyber Risk Risk Technology

NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources

NSTIC

APRIL 4, 2022

Addressing global needs is a critical part of NIST’s work in the evolution of the Cybersecurity Framework, especially as we continue to see international adaptions and use cases to address emerging risks. With a growing user base around the world, the Framework is primed for an update that draws more deeply on international viewpoints.

Cybersecurity

Cybersecurity Risk

Cyber Asset Attack Surface Management with Cisco Secure Cloud Insights: Beyond CSPM

Cisco Security

FEBRUARY 28, 2022

Flexible asset querying: SCI’s simple query language and relationship graph database structure make it easy to query the data to answer questions that are the bread-and-butter of security teams, such as: Which hosts are vulnerable in my environment? Are my data stores encrypted at rest? ….

Technology

Technology Risk Engineering Encryption

April’s Patch Tuesday Brings Record Number of Fixes

Krebs on Security

APRIL 9, 2024

Microsoft today released updates to address 147 security holes in Windows, Office , Azure ,NET Framework , Visual Studio , SQL Server , DNS Server , Windows Defender , Bitlocker , and Windows Secure Boot. Adobe has since clarified that its apps won’t use AI to auto-scan your documents, as the original language in its FAQ suggested.

DNS

DNS Social Engineering Malware Media

Understanding the Key Updates in NIST Cybersecurity Framework 2.0

Centraleyes

MARCH 18, 2024

When the guys at the National Institute of Standards and Technology (NIST) released the inaugural Cybersecurity Framework in February 2014, it did not include a batch of questions that were almost certainly on their minds but not in the framework. It became the go-to framework for cybersecurity planning. of the CSF. of the CSF.

Cybersecurity

Cybersecurity Government Risk Technology

Contrast adds SAST support for client-side JavaScript including Angular, React, and JQuery | Contrast Security

Security Boulevard

OCTOBER 5, 2022

Contrast has expanded its Static Analysis Security Testing (SAST) language coverage to support client-side JavaScript, including Angular, React and jQuery in both the enterprise version of Contrast Scan as well as CodeSec, Contrast’s free security tool for developers. Contrast’s product roadmap also includes adding support for Vue.js

Unpatched Open Source Libraries Leave 71% of Apps Vulnerable

Dark Reading

MAY 19, 2020

PHP and JavaScript developers need to pay close attention because different languages and frameworks have different rates of vulnerability, research finds.

Two Google plans that could make open source code more secure

Malwarebytes

JUNE 18, 2021

Rust is a low-level programming language that is designed to be more memory secure than other popular programming languages, such as C. Google has also proposed an end-to-end framework for supply chain integrity which it has dubbed Supply chain Levels for Software Artifacts (SLSA). Rust in Linux. Rust in Linux.

Software

Software IoT Internet Internet

New Spring Framework RCE Vulnerability Confirmed – What to do?

Security Boulevard

MARCH 30, 2022

This is a Spring Expression language SpEL vulnerability in Spring Cloud Function and is NOT related to "Springshell" that impacts Spring Core. The vulnerability affects the spring-core artifact, an extremely popular framework used widely in Java applications, and seems to require JDK9 or newer to be running. How did we get here?

Media

Media Internet Internet Software

The discovery of Alchimist C2 tool, revealed a new attack framework to target Windows, macOS, and Linux systems

Security Affairs

OCTOBER 13, 2022

Experts discovered a new attack framework, including a C2 tool dubbed Alchimist, used in attacks against Windows, macOS, and Linux systems. Researchers from Cisco Talos discovered a new, previously undocumented attack framework that included a C2 dubbed Alchimist. SecurityAffairs – hacking, attack framework).

Malware

Malware Advertising Hacking Information Security

Discovering MLflow Framework Zero-day Vulnerability | Machine Language Model Security | Contrast Security

attackgen: A cybersecurity incident response testing tool

Trending Sources

GUEST ESSAY: NIST’s Cybersecurity Framework update extends best practices to supply chain, AI

Cloudflare Unveils a Firewall Designed to Keep LLMs Safe

CVE-2024-23452: Apache bRPC HTTP Request Smuggling Vulnerability

Find Security Flaws in Your Dart & Flutter Applications: Veracode Expands Mobile Application Security Support

CISA adds JBoss RichFaces Framework flaw to its Known Exploited Vulnerabilities catalog

Alchimist Attack Framework Targeting Windows, Linux, and macOS Systems

Securing Server-Side Kotlin

CISA, MITRE Look to Take ATT&CK Framework Out of the Weeds

Parasoft unveils safety testing tool for C and C++ apps

NIST CSF 2.0: What You Need to Know About the Latest Changes

GUEST ESSAY: Everything you should know about the cybersecurity vulnerabilities of AI chatbots

ChatGPT for Offensive Security: Five Attacks

A renewed espionage campaign targets South Asia with iOS spyware LightSpy

Mitre D3FEND explained: A new knowledge graph for cybersecurity defenders

Manjusaka, a new attack tool similar to Sliver and Cobalt Strike

Fooling NLP Systems Through Word Swapping

Using the ATT&CK Matrix in real-time to understand threats and attacks

Maat: Symbolic execution made easy

Contrast Scan adds support for client-side JavaScript including Angular, React, & jQuery

6 Major PHP Security Vulnerabilities And How To Fix Them

Contrast Security Launches Expanded Security Testing Tools for JavaScript and Popular Angular, React, and jQuery Frameworks

News alert: Security Journey accelerates secure coding training platform enhancements

Hiring – Senior Technical Cybersecurity Consultant

Web3 Trust Dependencies: A Closer Look at Development Frameworks & Tools

Rapid7 announced the release of Metasploit 5.0

News alert: SandboxAQ launches new open source framework to simplify cryptography management

Cobalt Strike Inspires Next-generation Crimeware

Spring4Shell (CVE-2022-22965): details and mitigations

Open Source Security Index Lists Top Projects

Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware

noir v0.10 releases: attack surface detector from source code

AI-Powered Fuzzing: Breaking the Bug Hunting Barrier

Cisco Secure: Supporting NIST Cybersecurity Framework

NIST Seeks Input on International Aspects of the Cybersecurity Framework, Other Resources

Cyber Asset Attack Surface Management with Cisco Secure Cloud Insights: Beyond CSPM

April’s Patch Tuesday Brings Record Number of Fixes

Understanding the Key Updates in NIST Cybersecurity Framework 2.0

Contrast adds SAST support for client-side JavaScript including Angular, React, and JQuery | Contrast Security

Unpatched Open Source Libraries Leave 71% of Apps Vulnerable

Two Google plans that could make open source code more secure

New Spring Framework RCE Vulnerability Confirmed – What to do?

The discovery of Alchimist C2 tool, revealed a new attack framework to target Windows, macOS, and Linux systems

Stay Connected