November 4, 2024 at 02:40PM Generative AI attacks, including deepfakes, are increasing, with AI-generated text in emails growing to 12%. OWASP published guidance for organizations to strengthen defenses. A deepfake incident during a job interview at Exabeam highlighted vulnerabilities. Experts suggest focusing on tech solutions and robust processes rather than solely training individuals to detect … Read more
November 4, 2024 at 08:22AM OWASP launched new security guidance for managing risks related to large language models and generative AI applications, part of the Top 10 for LLM Application Security Project. Resources include strategies for deepfake defense, AI security best practices, and a landscape guide for security solutions, aimed at enhancing organizational readiness against … Read more
October 3, 2024 at 04:39AM In this series, we’ve explored Rogue AI and its mitigations, aiming to shape the debate around cybersecurity threats. The piece delves into community efforts to assess AI risk and highlights different perspectives on Rogue AI within the security community, particularly focusing on the related risks highlighted by OWASP and the … Read more
July 9, 2024 at 08:30AM The article discusses the top 10 AI security risks identified by OWASP for businesses adopting AI tools, categorized into access, data, and reputational/business risks. It highlights the vulnerabilities and offers protective measures, emphasizing the need for policy foundation, security technologies, and responsible use of AI. The aim is to mitigate … Read more
June 7, 2024 at 09:15AM Mozilla launches new bug bounty program called 0Day Investigative Network (0Din) focusing on large language models and deep learning technologies. The program aims to improve the security of the gen-AI ecosystem by addressing various security issues. Researchers can submit findings to ‘0din at mozilla.com’, allowing them an opportunity for contribution … Read more
April 23, 2024 at 10:05AM The OWASP released its top 10 list for large language model (LLM) applications, addressing security threats. This framework educates and aligns the industry on potential risks, emphasizing the need for effective authentication and authorization of LLM technologies. The list highlights the importance of preventing misuse and compromise, urging security leaders … Read more
April 12, 2024 at 03:50PM Summary: The article highlights the importance of file scanning within uploader applications to safeguard against cyber threats like malware. It emphasizes compliance with security standards and the use of tools like the OWASP file upload cheat sheet and Trend Vision One™ – File Security to enhance data security. The article … Read more
April 2, 2024 at 02:40PM A misconfigured MediaWiki web server led to a data breach at the Open Web Application Security Project (OWASP) Foundation. Resumes of members from 2006 to around 2014, consisting of personal details, were accessed. OWASP is advising caution as the breached data could be used for identity fraud and phishing attempts. … Read more
April 2, 2024 at 07:09AM The OWASP Foundation announced a data breach revealing personal information of aspiring members from over a decade ago. The breach exposed names, addresses, phone numbers, and emails of members, prompting the organization to take security measures, notify impacted individuals, and caution the public. While the exposed data is old, caution … Read more
April 1, 2024 at 03:29PM The OWASP Foundation has reported a data breach involving the exposure of some members’ resumes due to misconfiguration of its old Wiki web server. Tens of thousands of members were affected, with personal information like names, emails, and addresses exposed. OWASP took steps to address the breach and will notify … Read more