Cyberattack Gold: SBOMs Offer an Easy Census of Vulnerable Software

April 26, 2024 at 12:37PM Government and security-sensitive firms are requiring software bills of material (SBOMs), listing components of applications. Attackers could exploit this information without sending packets. Larry Pesce warns that publicly accessible SBOMs can expose vulnerabilities. Yet, SBOMs aim to enhance software security, with 60% adoption expected by next year. Pesce advises using … Read more

Artificial Arms Race: What Can Automation and AI do to Advance Red Teams

February 27, 2024 at 07:27AM The text discusses the significance of Red Teams for security stress tests and outlines their current state-of-the-art. It emphasizes the need for a well-defined security program and the role of human operators. It also explores the potential of automation and AI in Red Team engagements, such as asset discovery, ransomware … Read more

Why Red Teams Can’t Answer Defenders’ Most Important Questions

January 5, 2024 at 10:06AM In 1931, Alfred Korzybski emphasized the limitations of models, likening them to maps that cannot fully represent reality. Red-team assessments often fail to test enough attack variants to accurately gauge defense strength, leaving defenders uncertain about their security posture. To address this, organizations can explore alternatives like Atomic Testing and … Read more

October 9, 2023 at 05:56PM – D-Link WiFi range extender vulnerable to command injection attacks

October 9, 2023 at 05:56PM The D-Link DAP-X1860 WiFi 6 range extender has a vulnerability that allows for denial of service attacks and remote command injection. Despite being notified multiple times, D-Link has not released any fixes. Attackers can exploit the flaw by creating an SSID with a tick symbol and executing commands. Owners are … Read more