Self-Spreading Malware Infects Call of Duty Modern Warfare 2 Exploiting Known Bug
For the past month, players of the classic game, Call of Duty: Modern Warfare 2, have found themselves ensnared in…
Security
New SEC Rules around Cybersecurity Incident Disclosures
The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules:…
CISA adds second Ivanti EPMM flaw to its Known Exploited Vulnerabilities catalog
US CISA added a second actively exploited Ivanti ‘s Endpoint Manager Mobile (EPMM) vulnerability to its Known Exploited Vulnerabilities catalog.…
How to Generate a Certificate Signing Request (CSR): A Step-by-Step Guide
The growing importance of SSL certificates in securing online connections is a no-brainer! As of the time of writing this…
Hacking AI Resume Screening with Text in a White Font
The Washington Post is reporting on a hack to fool automatic resume sorting programs: putting text in a white font.…
Automatically Finding Prompt Injection Attacks
Researchers have just published a paper showing how to automate the discovery of prompt injection attacks. They look something like…
2023 OWASP Top-10 Series: API1:2023 Broken Object Level Authorization
Welcome to the 2nd post in our weekly series on the new 2023 OWASP API Security Top-10 list, with a…
Friday Squid Blogging: Zaqistan Flag
The fictional nation of Zaqistan (in Utah) has a squid on its flag. As usual, you can also use this…
Indirect Instruction Injection in Multi-Modal LLMs
Interesting research: “(Ab)using Images and Sounds for Indirect Instruction Injection in Multi-Modal LLMs“: Abstract: We demonstrate how images and sounds…
Weekly Update 358
Presently sponsored by: Kolide ensures that if a device isn’t secure, it can’t access your apps. It’s Device Trust for…