Google Offers Bug Bounties for Generative AI Security Vulnerabilities
Google’s Vulnerability Reward Program offers up to $31,337 for discovering potential hazards. Google joins OpenAI and Microsoft in rewarding AI bug hunts.
Open Source
Logging Made Easy: Free log management solution from CISA
CISA launched a new version of Logging Made Easy (LME), a straightforward log management solution for Windows-based devices that can be downloaded and self-installed for free. CISA’s version reimagines technology developed by the United Kingdom’s Natio…
New Cyberattack From Winter Vivern Exploits a Zero-Day Vulnerability in Roundcube Webmail
After reading the technical details about this zero-day that targeted governmental entities and a think tank in Europe and learning about the Winter Vivern threat actor, get tips on mitigating this cybersecurity attack.
GOAD: Vulnerable Active Directory environment for practicing attack techniques
Game of Active Directory (GOAD) is a free pentesting lab. It provides a vulnerable Active Directory environment for pen testers to practice common attack methods. GOAD-Light: 3 vms, 1 forest, 2 domains “When the Zerologon vulnerability surfaced, …
New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding
A new project aims to make it easier for PLC programmers to implement secure coding practices by cataloging useful files and functions from each vendor.
The post New Project Analyzes and Catalogs Vendor Support for Secure PLC Coding appeared first on S…
Roundcube webmail zero-day exploited to spy on government entities (CVE-2023-5631)
The Winter Vivern APT group has been exploiting a zero-day vulnerability (CVE-2023-5631) in Roundcube webmail servers to spy on email communications of European governmental entities and a think tank, according to ESET researchers. “Exploitation …
Generative AI Can Write Phishing Emails, But Humans Are Better At It, IBM X-Force Finds
Hacker Stephanie “Snow” Carruthers and her team found phishing emails written by security researchers saw a 3% better click rate than phishing emails written by ChatGPT.
Wazuh: Free and open-source XDR and SIEM
Wazuh is an open-source platform designed for threat detection, prevention, and response. It can safeguard workloads in on-premises, virtual, container, and cloud settings. Wazuh system comprises an endpoint security agent installed on monitored system…
Software Supply Chain Security Attacks Up 200%: New Sonatype Research
Sonatype’s 9th annual State of the Software Supply Chain also covers regulations and how AI could help developers protect organizations from security risks.
DIY attack surface management: Simple, cost-effective and actionable perimeter insights
Modern-day attack surface management (ASM) can be an intimidating task for most organizations, with assets constantly changing due to new deployments, assets being decommissioned, and ongoing migrations to cloud providers. Assets can be created and for…