Aggregator

往期回顾：

2024.9.16—2024.9.22安全动态周回顾

2024.9.9—2024.9.15安全动态周回顾

2024.9.2—2024.9.8安全动态周回顾

2024.8.26—2024.9.1安全动态周回顾

2024.8.19—2024.8.25安全动态周回顾

2024.8.12—2024.8.18安全动态周回顾

2024.8.5—2024.8.11安全动态周回顾

Application programming interfaces (APIs) are essential to how generative AI (GenAI) functions with agents (e.g., calling upon them for data). But the combination of API and LLM issues coupled with rapid rollouts is likely to see numerous organizations having to combat security failings. While GenAI is susceptible to the usual security issues associated with APIs such as authentication, authorization and data exposure, there are also AI-specific concerns which have been well-documented by the OWASP Project … More →

The post Could APIs be the undoing of AI? appeared first on Help Net Security.

SCCMSecrets is an open-source tool that exploits SCCM policies, offering more than just NAA credential extraction. SCCM policies are a key target for attackers in Active Directory environments, as they can expose sensitive technical information, including account credentials. Attackers may retrieve these credentials by impersonating a registered device with authenticated access or, in some cases, even from an unauthenticated position by exploiting misconfigurations in policy distribution. SCCMSecrets provides a thorough approach to identifying and exploiting … More →

The post SCCMSecrets: Open-source SCCM policies exploitation tool appeared first on Help Net Security.

Open source has become the foundation of modern application development, with up to 98% of applications incorporating open-source components and open-source code accounting for 70% or more of the typical application. In this Help Net Security video, Donald Fischer, CEO at Tidelift, discusses the 2024 State of the Open Source Maintainer report, which provides insights into the work and mindset of open source maintainers. The study showed that paid maintainers are 55% more likely than … More →

The post Open source maintainers: Key to software health and security appeared first on Help Net Security.