What is Adversarial Training in Lay Mans Terms? And How Does it Help Preventing Adversarial Attacks?

What is Adversarial Training in Lay Mans Terms? And How Does it Help Preventing Adversarial Attacks?

Cyber Attacks
Artificial intelligence (AI) and machine learning have become integral parts of our daily lives. From virtual assistants to recommender systems, AI is powering many of the services and applications we use every day. However, as the use of AI grows, so do concerns about its security vulnerabilities. The OWASP team has published its first version of OWASP Top 10 for LLM, especially for AI applications powered by LLMs. One such concern is that of adversarial attacks. Adversarial attacks aim to fool AI systems by supplying deceptively modified inputs. This can cause the AI to misclassify or misinterpret the perturbed input. For instance, adding some nearly imperceptible noise to an image can make an AI system misclassify it completely. Defending against such attacks is critical for building robust and trustworthy AI systems. This is where adversarial training comes into…
Read More
How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?

How to Protect Your Apple Devices From CVE-2023-42824 and CVE-2023-5217?

Data Breaches, Linux
Apple recently released iOS 17.0.3 and iPadOS 17.0.3 to address two critical vulnerabilities, CVE-2023-42824 and CVE-2023-5217, that could allow malicious actors to execute arbitrary code on affected devices. These flaws affect various iPhone and iPad models and could be exploited if a user visits a malicious website or is targeted by specially crafted web content. To protect your Apple devices, it is essential to apply the latest updates as soon as possible to ensure your devices are protected against potential attacks leveraging these vulnerabilities. We published this blog post to provide an overview of the vulnerabilities Apple devices impacted, and educate securitymaster.com users on keeping your devices secure. before we jump into the topic of discussion, let us see a short introduction about WebRTC since these flaws stemmed from the Kernel and…
Read More
FraudGPT – The Emergence of Malicious Generative AI

FraudGPT – The Emergence of Malicious Generative AI

CHAT GPT, Cyber Attacks
The rapid advancement of AI technology has brought many useful applications. However, it has also given rise to new security threats. Recently, another dangerous generative AI tool named FraudGPT emerged on the dark web right after wormGPT, designed explicitly for malicious purposes. FraudGPT allows cybercriminals to automate and scale up sophisticated cyberattacks such as phishing campaigns, malware creation, and card fraud. FraudGPT on Dark Web (Source: NetErich) Let’s talk about another malicious generative AI tool called FraudGPT, its features, risks, and finally, how such tools could be tackled to protect your business. Table of Contents What is FraudGPT? According to Rakesh Krishnan, a Senior Threat Analyst at Netenrich, FraudGPT is an AI bot tailored for offensive hacking activities like crafting spear phishing emails, generating malware, carding frauds, etc. It has been circulating on the dark web since July 22,…
Read More
How to Fix GameOver(lay)- Two Local Privilege Escalation Vulnerabilities in Ubuntu Linux Kernel?

How to Fix GameOver(lay)- Two Local Privilege Escalation Vulnerabilities in Ubuntu Linux Kernel?

Cyber Attacks
Sagi Tzadik, Shir Tamari from Wiz disclosed two easy-to-exploit local privilege escalation vulnerabilities in the OverlayFS module of the Ubuntu Linux Kernel. These two vulnerabilities assigned with the identifiers CVE-2023-2640 and CVE-2023-32629 could be severe than it appears as no configuration changes are needed to exploit these vulnerabilities. These issues are unique, although they look similar to the two-year-old Overlayfs vulnerability (CVE-2021-3493).  Let’s dive deep into the issue and understand how these vulnerabilities are unique, although they share the same functionality in terms of exploitation. Before going to the technical details, it’s good to know about the OverlayFS that has existed since 2009 as part of the Linux Kernel. What is OverlayFS and How Does it Work? OverlayFS is a union mount filesystem implementation for Linux that allows combining multiple directories and mount points…
Read More

What is There in The Verizon’s Data Breach Investigations Report- 2023

Vulnerabilities
Verizon has published its 2023 Data Breach Investigations Report, providing insights into the latest cybercrime trends and data breaches. This annual report analyzes thousands of real-world security incidents to reveal patterns, vulnerabilities, and recommendations to strengthen defenses. Now in its 16th edition, the highly-anticipated report acts as an industry benchmark for understanding the shifting threat landscape. It equips security teams with actionable intelligence to make strategic decisions and combat emerging attack techniques. With contributions from over 90 global organizations, this year’s findings are based on an extensive dataset of over 16,000 incidents and 5,000 confirmed breaches. The analysis provides unprecedented visibility into the threat actors, motives, actions, targets, and impacts behind modern cyberattacks. From ransomware campaigns to business email compromises, the report breakdowns the “who, what, where, when, why, and how” of…
Read More
What is PSIRT- Product Security Incident Response Team?

What is PSIRT- Product Security Incident Response Team?

Cyber Attacks
Product Security Incident Response Teams (PSIRTs) play a crucial role in addressing security vulnerabilities and incidents that affect a company’s products and services. These dedicated, globally-coordinated teams expertly manage the receipt, investigation, and public reporting of security vulnerabilities, ensuring that both internal and external stakeholders are informed about the current risk landscape and equipped to mitigate potential threats to their systems. Often working in tandem with development teams, PSIRTs are responsible for assisting in all security-related aspects of a company’s product lifecycle. This includes but is not limited to, identifying vulnerabilities in supported products, implementing mitigation strategies, and disclosing information to the public in a responsible and transparent manner. A key aspect of this process is the assignment of Common Vulnerabilities and Exposure (CVE) identifiers, which allows for easier tracking…
Read More
List of Federal and State Data Privacy Laws in the United States

List of Federal and State Data Privacy Laws in the United States

Data Breaches
Data privacy has become a growing concern for individuals and businesses alike in recent years, as advances in technology further integrate personal information into various aspects of daily life. In the United States, data privacy laws are a complex patchwork of federal and state regulations that govern how organizations can collect, process, store, and share personal information. While the Privacy Act of 1974 initially focused on how federal agencies manage personal data, these laws have since expanded to involve other sectors and modern-day technologies. In today’s digital landscape, personal information is more accessible than ever, with countless organizations storing sensitive data such as social security numbers, financial records, and health information. Data privacy laws in the United States currently lack a comprehensive federal framework, resulting in a significant reliance on state-level legislation.…
Read More
How to Fix CVE-2023-24329- URL Parsing Issue in Python?

How to Fix CVE-2023-24329- URL Parsing Issue in Python?

Vulnerabilities
On February 17, 2023, a URL parsing vulnerability in certain versions of the Python programming language was published with the ID CVE-2023-24329. The issue lies in the urllib.parse module which contains functions for breaking URLs into components and combining them back into full URLs. According to the description provided on NVD, the vulnerability has a CVSS v3 base score of 7.5 which indicates it is highly severe. If exploited, this flaw could enable attackers to bypass security protections and filters that rely on URL blocklisting. Essentially, by supplying specially crafted URLs, malicious actors may be able to bypass implemented domain or protocol blacklists. This creates serious security implications, as failure to filter dangerous URLs could lead to scenarios like arbitrary file reads, SSRF attacks, unauthorized access to internal networks, and remote code execution. Organizations…
Read More
Multiple Vulnerabilities in CyberPower and DataProbe Products- Patch Them ASAP

Multiple Vulnerabilities in CyberPower and DataProbe Products- Patch Them ASAP

Data Breaches
Researchers from Trellix’s Advanced Research Center recently disclosed multiple critical, high, and medium severity vulnerabilities in CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) platform and Dataprobe’s iBoot Power Distribution Unit (PDU). These vulnerabilities, if exploited, could allow attackers to gain complete control over these systems and use them as an entry point into broader data centers and enterprise networks. It is highly recommended that impacted customers patch these vulnerabilities as soon as possible. Let’s see what the researchers revealed about the multiple vulnerabilities in CyberPower and DataProbe Products and how to patch the flaws in this blog post. An Short Note About CyberPower’s PowerPanel Enterprise Data Center Infrastructure Management (DCIM) Platform CyberPower’s PowerPanel Enterprise is a leading DCIM platform that allows IT teams to manage, configure and monitor data center…
Read More
Explore What is There in OWASP Top 10 for LLM

Explore What is There in OWASP Top 10 for LLM

Vulnerabilities
The emergence of large language model (LLMs) applications like ChatGPT has sparked a revolution in artificial intelligence. These models can generate remarkably human-like text and code, unlocking new possibilities. However, the excitement over LLMs has caused their integration and adoption to rapidly outpace security considerations. As organizations implement LLMs into client offerings and business operations, they expose themselves to serious vulnerabilities. LLMs introduce new attack surfaces and risks compared to traditional software applications. Their core natural language processing capabilities can be exploited in ways developers are unaccustomed to. Attackers are already developing methods to manipulate LLMs through crafted inputs. Without proper safeguards, LLMs risk leaking sensitive data, enabling social engineering, and threatening backend infrastructure. To address these concerns, OWASP recently released its OWASP Top 10 for Large Language Model Applications report. OWASP is an international…
Read More