Aggregator

Cybersecurity researchers have disclosed a privilege escalation vulnerability impacting Google Cloud Platform's Cloud Functions service that an attacker could exploit to access other services and sensitive data in an unauthorized manner. Tenable has given the vulnerability the name ConfusedFunction. "An attacker could escalate their privileges to the Default Cloud Build Service Account and

谷歌表示放弃了之前计划Chrome浏览器彻底禁用第三方cookie的方案，将推出新的浏览器体验，用户可以自主调整第三方cookie。

多无人系统协同可以将在空间上分布的无人系统有机连接起来，实现多系统在时间、空间、模式、任务等多维度上的有效协同，最终形成目标探测、跟踪识别、智能决策、自主控制和效能评估的完整链条。

7月24日消息，今年1月中旬，正值隆冬时节，乌克兰利沃夫市的部分居民被迫在没有集中供暖的情况下生活了两天。

物联网已经渗透到社会经济的方方面面，构建出一个全新的智能化世界。

本报告从信创安全定义、市场规模、能力企业、场景应用、挑战机遇、发展趋势、应用案例等多个方面对信创安全市场进行分析。

快来吃瓜！

At ANY.RUN, we’re all about making in-depth technical information accessible. One of the ways we do this is by providing you with various detailed, yet easy-to-understand reports on malware behavior. One such report is Process graph.  What is Process graph?  Process graph is a report that visually shows how system processes, especially malicious ones, relate […]

The post See Malicious Process Relationships <br> on a Visual Graph  appeared first on ANY.RUN's Cybersecurity Blog.

本文基于《原子科学家公报》中的数据，总结了2024年美国核武器的储备、部署和现代化计划的基本情况。

在1997年，一部揭露历史的文件浮出水面，这份名为库巴克反情报审讯手册的文档，原是中央情报局（CIA）在过去3

KCon大会议题巡展正式开启

近日，瑞星威胁情报平台捕获到一起东南亚黑客组织Patchwork对我国某科技大学发起的APT攻击事件，发现其意 […]

减少 95% 资源的向量搜索 | 使用云搜索的 DiskANN

随着人工智能技术的飞速发展，大模型在网络安全领域扮演着越来越重要的角色。本文将汇总目前大模型在网络安全中的各种应用，探讨它们如何帮助我们更好地防御网络威胁，保护数据安全。

Docker is warning of a critical flaw impacting certain versions of Docker Engine that could allow an attacker to sidestep authorization plugins (AuthZ) under specific circumstances. Tracked as CVE-2024-41110, the bypass and privilege escalation vulnerability carries a CVSS score of 10.0, indicating maximum severity. "An attacker could exploit a bypass using an API request with Content-Length set

The Internet Systems Consortium (ISC) has released patches to address multiple security vulnerabilities in the Berkeley Internet Name Domain (BIND) 9 Domain Name System (DNS) software suite that could be exploited to trigger a denial-of-service (DoS) condition. "A cyber threat actor could exploit one of these vulnerabilities to cause a denial-of-service condition," the U.S. Cybersecurity and

Google said it's adding new security warnings when downloading potentially suspicious and malicious files via its Chrome web browser. "We have replaced our previous warning messages with more detailed ones that convey more nuance about the nature of the danger and can help users make more informed decisions," Jasika Bawa, Lily Chen, and Daniel Rubery from the Chrome Security team said. To that

Google Colab AI, now just called Gemini in Colab, was vulnerable to data leakage via image rendering.

This is an older bug report, dating back to November 29, 2023. However, recent events prompted me to write this up:

1. Google did not reward this finding, and
2. Colab now automatically puts Notebook content (untrusted data) into the prompt.

Let’s explore the specifics.

Google Colab AI - Revealing the System Prompt

At the end of November last year, I noticed that there was a “Colab AI” feature, which integrated an LLM to chat with and write code. Naturally, I grabbed the system prompt, and it contained instructions that begged the LLM to not render images.

DDoS cyberattack campaign averaged 4.5 million requests per second, putting the bank under attack 70% of the time.