Security Lefrovers
-
Google ☛ Project Naptime: Evaluating Offensive Security Capabilities of Large Language Models
At Project Zero, we constantly seek to expand the scope and effectiveness of our vulnerability research. Though much of our work still relies on traditional methods like manual source code audits and reverse engineering, we're always looking for new approaches.
-
Light Blue Touchpaper ☛ Security and Human Behavior 2024
The seventeenth Security and Human Behavior workshop was hosted by Bruce Schneier at Harvard University in Cambridge, Massachusetts on the 4th and 5th of June 2024 (Schneier blog). This playlist contains audio recordings of most of the presentations, curated with timestamps to the start of each presentation.
-
Security Week ☛ Decade-Long Cyber Assault on Asian Telecoms Traced to Chinese State Hackers
A years-long espionage campaign has targeted telecoms companies in Asia with tools associated with Chinese groups.
-
Federal News Network ☛ DHS names China, AI, cyber standards as key priorities for critical infrastructure
Agencies that oversee critical infrastructure are developing new sector risk management plans, with cybersecurity continuing to be a high priority.
-
Security Week ☛ Change Healthcare to Start Notifying Customers Who Had Data Exposed in Cyberattack
Change Healthcare is starting to notify hospitals, insurers and other customers that they may have had patient information exposed in a massive cyberattack.
-
Security Week ☛ Atlassian Patches High-Severity Vulnerabilities in Confluence, Crucible, Jira
Atlassian has released Confluence, Crucible, and Jira updates to address multiple high-severity vulnerabilities.
-
Security Week ☛ Highly Evasive SquidLoader Malware Targets China
A threat actor targeting Chinese-speaking victims has been using the SquidLoader malware loader in recent attacks.
-
Prioritizing Holistic Security Posture Management to Address Growing Threats to Containers and Kubernetes [Ed: Containers and Kubernetes increase complexity and may therefore, in practice, undermine real security]
Security posture management is a broad concept encompassing everything an organization can do to prevent security incidents and is critically important in the world of containers and Kubernetes.
-
Survey Surfaces Cloud-Native Complexity in the Enterprise
A survey of 760 IT leaders and engineers at organizations with more than 1,000 employees finds nearly three-quarters (72%) work for organizations that have deployed multiple cloud-native platforms, with 46% managing three or more.
-
Bruce Schneier ☛ Recovering Public Keys from Signatures
Interesting summary of various ways to derive the public key from digitally signed files.
Normally, with a signature scheme, you have the public key and want to know whether a given signature is valid. But what if we instead have a message and a signature, assume the signature is valid, and want to know which public key signed it? A rather delightful property if you want to attack anonymity in some proposed “everybody just uses cryptographic signatures for everything” scheme.
-
IT Wire ☛ Australian ticketing data offered for sale on breach forum
The data is claimed to include the name, gender, business, date of birth, username and hashed password of users among others. It was posted on 20 June.