Recent Security News
-
Protect AI Releases 3 AI/ML Security Tools as Open Source
October 11, 2023 at 08:42AM Protect AI, the maker of Huntr, a bug bounty program for open source software, has licensed three of its AI/ML security tools under the permissive Apache 2.0 terms. The first tool, NB Defense, helps protect machine learning projects in Jupyter Notebooks. The second tool, ModelScan, scans ML models for attacks…
-
Chrome 118 Patches 20 Vulnerabilities
October 11, 2023 at 08:24AM Google has released Chrome 118 with fixes for 20 vulnerabilities, including a critical bug in Site Isolation that could allow sites to steal data. Google has yet to determine the bug bounty reward for this vulnerability. The release also addresses eight medium-severity flaws and five low-severity vulnerabilities. The latest version…
-
Organizations Respond to HTTP/2 Zero-Day Exploited for DDoS Attacks
October 11, 2023 at 08:24AM Tech companies including Cloudflare, AWS, and Google have responded to the HTTP/2 zero-day vulnerability that led to massive distributed denial-of-service attacks. The attacks exploited the HTTP/2 Rapid Reset feature, resulting in servers being taken down. Organizations like CISA, Microsoft, NGINX, F5, Netty, Apache, Swift, and Linux distributions have issued advisories…
-
Applying AI to API Security
October 11, 2023 at 08:24AM AI can add value to API security in several ways. Firstly, it can be used for API discovery, studying request and response data to uncover unknown API endpoints. Secondly, AI can enforce schemas and improve access control by observing and mitigating deviations from learned schemas. Thirdly, AI can identify and…
-
CISA Warns of Attacks Exploiting Adobe Acrobat Vulnerability
October 11, 2023 at 06:42AM The US Cybersecurity and Infrastructure Security Agency (CISA) has added five security vulnerabilities to its Known Exploited Vulnerabilities catalog. These include an Adobe Acrobat and Reader flaw that can be exploited for remote code execution, an out-of-bounds write flaw in Cisco IOS and IOS XE, two zero-days impacting Skype for…