F5 BIG-IP 请求走私导致远程命令执行(CVE-2023-46747)
F5 BIG-IP 请求走私导致远程命令执行(CVE-2023-46747)
by SeeBug - http://www.seebug.org/vuldb/ssvid-99776
F5 BIG-IP 请求走私导致远程命令执行(CVE-2023-46747)
by SeeBug - http://www.seebug.org/vuldb/ssvid-99776
Le nuove opportunità dell’AI: sfruttare GPT 3.5 per la deoffuscazione del codice
Usare l'IA per ricostruire il codice originale dal codice deoffuscato è senz'altro un ramo di ricerca da esplorare. Questo esperimento con GPT 3.5 ha mostrato risultati incoraggianti, anche se lontani dall'essere utili in applicazioni pratiche.
by CERT-AgID - https://cert-agid.gov.it/news/le-nuove-opportunita-dellai-sfruttare-gpt-3-5-per-la-deoffuscazione-del-codice/
Usare l'IA per ricostruire il codice originale dal codice deoffuscato è senz'altro un ramo di ricerca da esplorare. Questo esperimento con GPT 3.5 ha mostrato risultati incoraggianti, anche se lontani dall'essere utili in applicazioni pratiche.
by CERT-AgID - https://cert-agid.gov.it/news/le-nuove-opportunita-dellai-sfruttare-gpt-3-5-per-la-deoffuscazione-del-codice/
CERT-AGID
Le nuove opportunità dell’AI: sfruttare GPT 3.5 per la deoffuscazione del codice
Usare l'IA per ricostruire il codice originale dal codice deoffuscato è senz'altro un ramo di ricerca da esplorare. Questo esperimento con GPT 3.5 ha mostrato risultati incoraggianti, anche se lontani dall'essere utili in applicazioni pratiche.
Israeli Gaza conflict - The cyber perspective.pdf
1.8 MB
Un interessante report sul conflitto Israelo-Palestinese in ambito cyber
Rilevata vulnerabilità in prodotti Atlassian
(AL01/231031/CSIRT-ITA)
Aggiornamenti di sicurezza sanano una vulnerabilità con gravità “critica” presente in Atlassian Confluence Data Center and Server.
by CSIRT - https://www.csirt.gov.it/contenuti/rilevata-vulnerabilita-in-prodotti-atlassian-al01-231031-csirt-ita
(AL01/231031/CSIRT-ITA)
Aggiornamenti di sicurezza sanano una vulnerabilità con gravità “critica” presente in Atlassian Confluence Data Center and Server.
by CSIRT - https://www.csirt.gov.it/contenuti/rilevata-vulnerabilita-in-prodotti-atlassian-al01-231031-csirt-ita
Ever wondered what living under AI surveillance in Europe would feel like?
Don’t Spy EU allows you to scan the faces of European lawmakers through a face recognition algorithm.
They’re the ones in charge of finalizing the AI Act, so let’s make sure they fully understand the risks of biometric surveillance.
https://dontspy.eu/
Don’t Spy EU allows you to scan the faces of European lawmakers through a face recognition algorithm.
They’re the ones in charge of finalizing the AI Act, so let’s make sure they fully understand the risks of biometric surveillance.
https://dontspy.eu/
dontspy.eu
Twilight Tango Links
meet experienced singles starts here at Twilight Tango Links. Join the Community!
Analysis by the firm found that printer-related security risks are still largely overlooked by many SMBs, with one-third revealing they have no security measures in place at all to protect them.
https://www.itpro.com/security/the-humble-printer-is-still-a-leading-cause-of-cyber-attacks
https://www.itpro.com/security/the-humble-printer-is-still-a-leading-cause-of-cyber-attacks
ITPro
The humble printer is still a leading cause of cyber attacks
Printer cyber attacks are still a pervasive risk for SMBs, with many overlooking potential vulnerabilities
Ho sempre pensato che lo smart working sia, per certi ruoli, una forma di lavoro vantaggiosa per entrambi: per il datore di lavoro, che può risparmiare sui costi di gestione dei locali e delle infrastrutture degli uffici. Per il lavoratore, che può finalmente organizzarsi a progetti, secondo i suoi tempi ed esigenze, con flessibilità.
https://www.wired.it/article/smart-working-lavoro-futuro-imprese/
https://www.wired.it/article/smart-working-lavoro-futuro-imprese/
WIRED.IT
Lo smart working ci dice quanto un'azienda è pronta al futuro
Il lavoro agile è un indicatore di quanto una organizzazione è capace di adeguarsi alle sfide dei prossimi anni. Nell'ottica della conciliazione vita-lavoro ma non solo
Any account that has not been touched for two years could be eradicated, including a user’s Google Workspace apps like Drive, Docs and Photos.
https://nypost.com/2023/11/13/tech/google-will-delete-many-gmail-accounts-soon-is-yours-safe/
https://nypost.com/2023/11/13/tech/google-will-delete-many-gmail-accounts-soon-is-yours-safe/
New York Post
Google will start deleting many Gmail accounts soon — is yours safe?
The company is scheduled to delete troves of accounts as a cybersecurity initiative that goes into effect on Dec. 1. Here's why — and what you should do before then.
SektorCERT_The_attack_against_Danish_critical_infrastructure_TLP.pdf
11.5 MB
The attack against Danish, critical infrastructure
This year, Google has seen an increase in the number of vulnerabilities impacting central processing units (CPU) across hardware systems. Two of the most notable of these vulnerabilities were disclosed in August, when Google researchers discovered Downfall (CVE-2022-40982) and Zenbleed (CVE-2023-20593), affecting Intel and AMD CPUs, respectively.
https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability
https://cloud.google.com/blog/products/identity-security/google-researchers-discover-reptar-a-new-cpu-vulnerability
Google Cloud Blog
Google researchers discover 'Reptar,’ a new CPU vulnerability | Google Cloud Blog
A new CPU vulnerability, ‘Reptar,’ found by Google researchers, has been patched by Google and Intel. Here’s what you need to know.
Recently Google Bard got some powerful updates, including Extensions. Extensions allow Bard to access YouTube, search for flights and hotels, and also to access a user’s personal documents and emails.
https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/
https://embracethered.com/blog/posts/2023/google-bard-data-exfiltration/
Embrace The Red
Hacking Google Bard: From Prompt Injection to Data Exfiltration
Google Bard allowed an adversary to inject instructions via documents and exfiltrate the chat history by injecting a markdown image tag.
"The Dragon Touch tablet also came with a very outdated version of the KIDOZ app pre-installed. This app touts being “COPPA Certified” and “turns phones & tablets into kids friendly devices for playing and learning with the best kids’ apps, videos and online content.” This version operates as kind of like a mini operating system where you can download games, apps, and configure parental controls within the app."
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
https://www.eff.org/deeplinks/2023/11/low-budget-should-not-mean-high-risk-kids-tablet-came-preloaded-sketchyware
Electronic Frontier Foundation
Low Budget Should Not Mean High Risk: Kids' Tablet Came Preloaded with Sketchyware
It’s easy to get Android devices from online vendors like Amazon at different price points. Unfortunately, it is also easy to end up with an Android device with malware at these lower budgets. There
Forwarded from Informa Pirata: informazione e notizie
Gli stati Usa denunciano Meta perché danneggerebbe la salute mentale degli adolescenti
33 stati degli USA portano in tribunale Meta poiché non fa abbastanza per evitare i problemi di salute mentale e dipendenza da social network.
33 stati degli USA portano in tribunale Meta poiché non fa abbastanza per evitare i problemi di salute mentale e dipendenza da social network.
CBC
Social media is designed to get young people addicted to it, 33 U.S. states allege in lawsuit against Meta | CBC News
Thirty-three states, including California and New York, are suing Meta Platforms Inc. for harming young people's mental health and contributing to the youth mental health crisis by knowingly designing features on Instagram and Facebook that cause children…
NIS2 - Quick reference guide.pdf
5 MB
NIS2 - Quick reference guide
Securely configuring the potentially thousands of cloud identities, workloads, and other resources needed to support the high pace of modern software development is difficult—but also critical to prevent attackers from breaching these systems, where security gaps too often go unnoticed.
https://www.datadoghq.com/state-of-cloud-security/
https://www.datadoghq.com/state-of-cloud-security/
Datadog
State of Cloud Security | Datadog
For our 2025 report, we analyzed AWS, Google Cloud, and Azure data from thousands of organizations to understand the latest trends in cloud security posture.