July 9, 2024 at 08:30AM The article discusses the top 10 AI security risks identified by OWASP for businesses adopting AI tools, categorized into access, data, and reputational/business risks. It highlights the vulnerabilities and offers protective measures, emphasizing the need for policy foundation, security technologies, and responsible use of AI. The aim is to mitigate … Read more
June 7, 2024 at 09:15AM Mozilla launches new bug bounty program called 0Day Investigative Network (0Din) focusing on large language models and deep learning technologies. The program aims to improve the security of the gen-AI ecosystem by addressing various security issues. Researchers can submit findings to ‘0din at mozilla.com’, allowing them an opportunity for contribution … Read more
April 23, 2024 at 10:05AM The OWASP released its top 10 list for large language model (LLM) applications, addressing security threats. This framework educates and aligns the industry on potential risks, emphasizing the need for effective authentication and authorization of LLM technologies. The list highlights the importance of preventing misuse and compromise, urging security leaders … Read more
April 12, 2024 at 03:50PM Summary: The article highlights the importance of file scanning within uploader applications to safeguard against cyber threats like malware. It emphasizes compliance with security standards and the use of tools like the OWASP file upload cheat sheet and Trend Vision One™ – File Security to enhance data security. The article … Read more
April 2, 2024 at 02:40PM A misconfigured MediaWiki web server led to a data breach at the Open Web Application Security Project (OWASP) Foundation. Resumes of members from 2006 to around 2014, consisting of personal details, were accessed. OWASP is advising caution as the breached data could be used for identity fraud and phishing attempts. … Read more
April 2, 2024 at 07:09AM The OWASP Foundation announced a data breach revealing personal information of aspiring members from over a decade ago. The breach exposed names, addresses, phone numbers, and emails of members, prompting the organization to take security measures, notify impacted individuals, and caution the public. While the exposed data is old, caution … Read more
April 1, 2024 at 03:29PM The OWASP Foundation has reported a data breach involving the exposure of some members’ resumes due to misconfiguration of its old Wiki web server. Tens of thousands of members were affected, with personal information like names, emails, and addresses exposed. OWASP took steps to address the breach and will notify … Read more
March 12, 2024 at 12:34PM JetBrains and Rapid7 are embroiled in a public dispute over a software vulnerability disclosure. Following Rapid7’s detailed disclosure of vulnerabilities in TeamCity, JetBrains accused them of unethical actions which led to ransomware attacks. The spat highlights the need for clear disclosure norms in the infosec space to protect customers and … Read more
February 26, 2024 at 06:09AM OWASP published the “OWASP Top 10 For Large Language Models,” reflecting the evolving nature of Large Language Models and their potential vulnerabilities. The article discusses techniques like “prompt injection,” the accidental disclosure of secrets, and offers tips such as secret rotation, data cleaning, and regular patching to secure LLMs. From … Read more