These days, if you’re walking around with a cellphone, you’ve basically fitted an always-on tracking device to your person. That’s even more the case if there happens to be an eavesdropping device in your vicinity. To combat this, the Electronic Frontier Foundation has created Rayhunter as a warning device. Rayhunter is built to detect IMSI […]
This week, Oligo has announced the AirBorne series of vulnerabilities in the Apple Airdrop protocol and SDK. This is a particularly serious set of issues, and notably affects MacOS desktops and laptops, the iOS and iPadOS mobile devices, and many IoT devices that use the Apple SDK to provide AirPlay support. It’s a group of […]
Researchers at Aikido run the Aikido Intel system, an LLM security monitor that ingests the feeds from public package repositories, and looks for anything unusual. In this case, the unusual activity was five rapid-fire releases of the xrpl package on NPM. That package is the XRP Ledger SDK from Ripple, used to manage keys and […]
The sky is falling. Or more specifically, it was about to fall, according to the security community this week. The MITRE Corporation came within a hair’s breadth of running out of its contract to maintain the CVE database. And admittedly, it would be a bad thing if we suddenly lost updates to the central CVE […]
Lots of people swear by large-language model (LLM) AIs for writing code. Lots of people swear at them. Still others may be planning to exploit their peculiarities, according to [Joe Spracklen] and other researchers at USTA. At least, the researchers have found a potential exploit in ‘vibe coding’. Everyone who has used an LLM knows […]
AI continues to be used in new and exciting ways… like generating spam messages. Yes, it was inevitable, but we now have spammers using LLM to generate unique messages that don’t register as spam. AkiraBot is a Python-powered tool, designed to evade CAPTCHAs, and post sketchy SEO advertisements to web forms and chat boxes around […]
We know a bit more about the GitHub Actions supply chain attack from last month. Palo Alto’s Unit 42 has been leading the charge on untangling this attack, and they’ve just released an update to their coverage. The conclusion is that Coinbase was the initial target of the attack, with the open source agentkit package […]
When you think of attacking or defending computer systems, you probably think of software viruses and the corresponding anti-virus software. But MIT’s 6.5950 class teaches secure hardware design — how to attack and defend CPUs from bad actors. Interested? The course is open source, so you can follow along as long as you don’t mind […]
When attempting to secure something, whether it’s a computer, sensitive data, or valuables, there’s always going to be a way to break that security. It might be impossibly hard, like taking centuries to brute-force an encryption algorithm, but it’s weakness is still there. And, like the future might make certain encryption obsolete, modern electronics has […]
This week, researchers from Wiz Research released a series of vulnerabilities in the Kubernetes Ingress NGINX Controller that, when chained together, allow an unauthorized attacker to completely take over the cluster. This attack chain is known as IngressNightmare, and it affected over 6500+ Kubernetes installs on the public Internet. The background here is that web […]