#sectoot — Public Fediverse posts
Live and recent posts from across the Fediverse tagged #sectoot, aggregated by home.social.
-
Good morning, story so far on the next log4j-level #vulnerability #CVE20234863 #CVE20235129
#0day #Chrome #iOS - the libwebp library is vulnerable to a heap overflow that can lead to RCE.
- Apple assigned #CVE202341064 and #CVE202341061. Also actively exploited by #blastpass
- #Google assigned #CVE20235129 for the Chrome 0day, also exploited
- Millions of apps and software packages use this library. See the list so far in 🧵
- #CVE20235129 was rejected by NVD earlier due to all this confusion of several vendors assigning CVEs for their own products
- This will lead to vulnerability scanners not being able to correctly identify whether your assets are affected by libwebp. #infosec #sectoot
-
Wow, MS figured out the consumer keys were captured via a crash dump!!
#supercool
https://msrc.microsoft.com/blog/2023/09/results-of-major-technical-investigations-for-storm-0558-key-acquisition/
#dfir #infosec #sectoot
-
Great #keynote #BHUSA2023 by @Azeria
Key takeaways:
- ChatGPT was hastily released despite its risks being known.
- #Google was rightly delaying its model's release, but then came #openai
- #AI use cases and capabilities are exploding
- AI risks are serious
- Phishing will expand to phishing AI agents.
- What do we need as an industry?
- Forensic AI tooling to analyze AI actions
- AI won't replace sec pros. It has introduced many risks related to LLMs that we need #infosec pros to understand and analyse.
- Have #IAM solutions for AI agents and for the internal and business data used by LLMs
- Tech evolving without security isn't new to us; we know how to study new systems, and this is a chance for security pros to identify new opportunities and foster new solutions
- AI village at #defcon #bhusa has 100+ talks.