Aggregator

快来吃瓜！

At ANY.RUN, we’re all about making in-depth technical information accessible. One of the ways we do this is by providing you with various detailed, yet easy-to-understand reports on malware behavior. One such report is Process graph.  What is Process graph?  Process graph is a report that visually shows how system processes, especially malicious ones, relate […]

The post See Malicious Process Relationships <br> on a Visual Graph  appeared first on ANY.RUN's Cybersecurity Blog.

本文基于《原子科学家公报》中的数据，总结了2024年美国核武器的储备、部署和现代化计划的基本情况。

在1997年，一部揭露历史的文件浮出水面，这份名为库巴克反情报审讯手册的文档，原是中央情报局（CIA）在过去3

KCon大会议题巡展正式开启

近日，瑞星威胁情报平台捕获到一起东南亚黑客组织Patchwork对我国某科技大学发起的APT攻击事件，发现其意 […]

减少 95% 资源的向量搜索 | 使用云搜索的 DiskANN

随着人工智能技术的飞速发展，大模型在网络安全领域扮演着越来越重要的角色。本文将汇总目前大模型在网络安全中的各种应用，探讨它们如何帮助我们更好地防御网络威胁，保护数据安全。

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that

Google Colab AI, now just called Gemini in Colab, was vulnerable to data leakage via image rendering.

This is an older bug report, dating back to November 29, 2023. However, recent events prompted me to write this up:

1. Google did not reward this finding, and
2. Colab now automatically puts Notebook content (untrusted data) into the prompt.

Let’s explore the specifics.

Google Colab AI - Revealing the System Prompt

At the end of November last year, I noticed that there was a “Colab AI” feature, which integrated an LLM to chat with and write code. Naturally, I grabbed the system prompt, and it contained instructions that begged the LLM to not render images.

DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Jan-Niklas Sohn' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Mat Powell of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'kimiya' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.

A CVSS score 7.8 AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H severity vulnerability discovered by 'Bobby Gould and Fritz Sands of Trend Micro Zero Day Initiative' was reported to the affected vendor on: 2024-07-25, 70 days ago. The vendor is given until 2024-11-22 to publish a fix or workaround. Once the vendor has created and tested a patch we will coordinate the release of a public advisory.