Skip to main content

Search

Items tagged with: hack

#LLM Agents can Autonomously #Exploit One-day Vulnerabilities


Source: https://arxiv.org/abs/2404.08144

To show this, we collected a dataset of 15 one-day vulnerabilities that include ones categorized as critical severity in the #CVE description. When given the CVE description, GPT-4 is capable of exploiting 87% of these vulnerabilities compared to 0% for every other model we test (GPT-3.5, open-source LLMs) and open-source vulnerability scanners (ZAP and #Metasploit).


#ai #technology #Software #chatgpt #bug #hack #news #cybersecurity


LLM Agents can Autonomously Exploit One-day Vulnerabilities

LLMs have becoming increasingly powerful, both in their benign and malicious uses. With the increase in capabilities, researchers have been increasingly interested in their ability to exploit cybersecurity vulnerabilities.
arXiv.org
#News #ai #technology #software #cybersecurity #bug #hack #exploit #chatgpt #llm #cve #Metasploit

A hacking #skimmer inside an #ATM machine

https://youtube.com/shorts/29Uc_7bGcRE

#hack #security #money #technology


A hacking skimmer inside an ATM machine #shorts

That's how you hackers crack your cards. Using this skimmer device. Watch the short to know more.#skimmer #hacking #sumsub #shorts Sumsub — empowering compli...
YouTube
#money #security #technology #hack #skimmer #ATM

Well, at least the uni didn't try to minimize it:

"On or around November 28, 2023, Butler University’s third-party vendor, Athletic Trainer System ("ATS"), notified Butler University that an unknown actor gained access to ATS's computer systems in August 2020."

As part of steps taken in response, Butler writes: "Butler University is also reviewing the business necessity of sharing any sensitive data with third party vendors."

(SSN had been involved)

Butler University's notification letter sent to 1,871 people can be found linked from https://apps.web.maine.gov/online/aeviewer/ME/40/aebbc4f8-fbd7-4a2d-991b-f1ec97032e39.shtml

#EduSec #Vendor #infosec #hack #databreach

@douglevin @funnymonkey @brett

Office of the Maine AG: Consumer Protection: Privacy, Identity Theft and Data Security Breaches

apps.web.maine.gov
#infosec #hack #databreach #edusec #vendor @funnymonkey @Doug Levin @Brett Callow

#XZ #Backdoor: Times, damned times, and scams


However, I believe that he is actually from somewhere in the UTC+02 (winter)/UTC+03 (DST) timezone, which includes Eastern Europe (EET), but also Israel (IST), and some others. Forging time zones would be easy — no need to do any math or delay any commits. He likely just changed his system time to Chinese time every time he committed.


source: https://rheaeve.substack.com/p/xz-backdoor-times-damned-times-and

#security #software #time #news #hack #linux #timezone


XZ Backdoor: Times, damned times, and scams

Some timezone observations on the recently discovered backdoor hidden in an xz tarball.
Rhea (Rhea's Substack)
#Linux #security #News #software #hack #time #backdoor #xz #timezone

Review of the Summer 2023 #Microsoft #Exchange Online #Intrusion


source: https://www.cisa.gov/sites/default/files/2024-04/CSRB_Review_of_the_Summer_2023_MEO_Intrusion_Final_508c.pdf

the cascade of Microsoft’s avoidable errors that allowed this intrusion to succeed;


#attack #hack #fail #security #cybersecurity #news #problem

#fail #security #News #problem #cybersecurity #attack #microsoft #hack #exchange #Intrusion