Aggregator

开房疯狂打Call：警惕利用固定电话实施的电信网络诈骗

2 years 5 months ago

随着通讯反诈技术升级和国民防诈意识增强，境外诈骗号码拨打电话接通率、作案成功率大大降低，境外诈骗分子转而使用境内固定电话联系被害人。通过固定电话拨号，更容易取得被害人信任，已严重侵害人民群众财产安全，亟需引起重视。

Will the real Citrix CVE-2023-3519 please stand up?

2 years 5 months ago

Citrix has disclosed CVE-2023-3519, a remote code execution vulnerability, but further scrutiny reveals multiple vulnerabilities.

How to Leverage GreyNoise in Your SOAR Playbooks

Grey Noise

2 years 5 months ago

During our latest webinar we discussed some common use cases using GreyNoise with other SOAR platforms. The main goal of using GreyNoise with other SOAR platforms is to more quickly identify either opportunistic attacks, get better insight into how infrastructure is being used, as well as enriching alerts using RIOT data to IP's associated with common business services.

Protect Every API Anywhere with API Security

The Akamai Blog

2 years 5 months ago

Abigail Ojeda

邮件钓鱼之sendcloud邮件伪造 - PaperPen

博客园_PaperPen's Blog

2 years 5 months ago

通过使用此平台api结合swaks工具进行伪造发件人，从而大大提高钓鱼邮件的可信度。

PaperPen

近源渗透之Crazyradio无线键鼠攻击利用 - PaperPen

博客园_PaperPen's Blog

2 years 5 months ago

近源渗透的一种攻击手法，通过无线键鼠攻击来达到远距离操控键鼠，实现上线C2。

PaperPen

漏洞分析｜Adobe ColdFusion 序列化漏洞（CVE-2023-29300）

GobySec

2 years 5 months ago

详细分析 CVE-2023-29300 的漏洞成因，并提出一些后续的研究方向。

Anthropic Claude Data Exfiltration Vulnerability Fixed

Embrace The Red

2 years 5 months ago

A common attack vector that LLM apps face is data exfiltration, in particular data exfiltration via Image Markdown Injection is a common vulnerability. Microsoft fixed the vulnerability in Bing Chat, ChatGPT is still vulnerable as Open AI “won’t fixed” the issue, and Anthropic just mitigated this vulnerability in Claude.

This post documents the Anthropic Claude data exfiltration vulnerability and the mitigation put in place.

The Vulnerability - Image Markdown Injection

As a quick recap, imagine a large language model (LLM) returns the following text: