AIs Discovering Vulnerabilities

I’ve been writing about the possibility of AIs automatically discovering code vulnerabilities since at least 2018. This is an ongoing area of research: AIs doing source code scanning, AIs finding zero-days in ...
Alarming Intrusion: Chinese Government Hackers Target US Internet Providers

Alarming Intrusion: Chinese Government Hackers Target US Internet Providers

A recent Washington Post report sent shockwaves through the cybersecurity landscape, revealing that Chinese government-backed hackers have infiltrated at least two major US internet service providers (ISPs) and several smaller ones ...
Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

Critical Microsoft Zero-Day Vulnerability Exploited in the Wild for Over a Year

A severe zero-day vulnerability in Microsoft Windows, tracked as CVE-2024-38112, has been actively exploited by threat actors for at least 18 months. This security flaw in the Windows MSHTML Platform allows remote ...
Nation-States and Zero-days Cranking Up the Heat

Nation-States and Zero-days Cranking Up the Heat

Summertime isn't just for vacations and barbecues—it's also prime season for zero-day attacks. These attacks, launched by malicious actors exploiting previously unknown vulnerabilities in software, are a significant concern for national security ...
Facial Recognition Fail: How It Misidentified an Innocent Man

Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices

In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion‘ highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police ...

Using LLMs to Exploit Vulnerabilities

Interesting research: “Teams of LLM Agents can Exploit Zero-Day Vulnerabilities.” Abstract: LLM agents have become increasingly sophisticated, especially in the realm of cybersecurity. Researchers have shown that LLM agents can exploit real-world ...
Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will continue and makes sense for the consumers of security software, as well. The reasons are ...
Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Cybersecurity Insights with Contrast CISO David Lindner | 5/24/24

Insight #1 Tool consolidation continues, with Palo Alto’s plans to absorb IBM's QRadar software. This movement will continue and makes sense for the consumers of security software, as well. The reasons are ...
Zero-Day Nightmare: Palo Alto, Cisco, and MITRE Under Attack

Zero-Day Nightmare: Palo Alto, Cisco, and MITRE Under Attack

Zero-day threats continue to wreak havoc on organizations worldwide, with recent attacks targeting corporate and government networks. In the last few weeks, government-sponsored threat actors have targeted Palo Alto Networks and Cisco ...

Preparing for Holiday Cyberattacks

How can security teams be ready for holiday cyberattacks and a seasonal peak in cybercrime? Holiday cyberattacks are on the rise. The vacation season, be it Christmas, Hanukkah, Easter, St. Patrick’s Day, ...