Category: Uncategorized

Auto Added by WPeMatico

Email Security Flaw Found in the Wild

Posted on By infossl
cross-site scripting, e-mail, Security technology, Uncategorized, vulnerabilities, zero-day

Google’s Threat Analysis Group announced a zero-day against the Zimbra Collaboration email server that has been used against governments around the world. TAG has observed four different groups exploiting the same bug to steal email data, user credentials, and authentication tokens. Most of this activity occurred after the initial fix became public on Github. To … Read More “Email Security Flaw Found in the Wild” »

Friday Squid Blogging: Unpatched Vulnerabilities in the Squid Caching Proxy

Posted on By infossl
computer security, patching, proxies, Security technology, squid, Uncategorized, vulnerabilities, web

In a rare squid/security post, here’s an article about unpatched vulnerabilities in the Squid caching proxy. As usual, you can also use this squid post to talk about the security stories in the news that I haven’t covered. Read my blog posting guidelines here. Powered by WPeMatico

Ransomware Gang Files SEC Complaint

Posted on By infossl
cybersecurity, data breaches, disclosure, extortion, ransomware, Security technology, Uncategorized

A ransomware gang, annoyed at not being paid, filed an SEC complaint against its victim for not disclosing its security breach within the required four days. This is over the top, but is just another example of the extreme pressure ransomware gangs put on companies after seizing their data. Gangs are now going through the … Read More “Ransomware Gang Files SEC Complaint” »

Leaving Authentication Credentials in Public Code

Posted on By infossl
credentials, Security technology, Uncategorized, vulnerabilities

Interesting article about a surprisingly common vulnerability: programmers leaving authentication credentials and other secrets in publicly accessible software code: Researchers from security firm GitGuardian this week reported finding almost 4,000 unique secrets stashed inside a total of 450,000 projects submitted to PyPI, the official code repository for the Python programming language. Nearly 3,000 projects contained … Read More “Leaving Authentication Credentials in Public Code” »

New SSH Vulnerability

Posted on By infossl
academic papers, cryptography, Security technology, signatures, ssh, Uncategorized, vulnerabilities

This is interesting: For the first time, researchers have demonstrated that a large portion of cryptographic keys used to protect data in computer-to-server SSH traffic are vulnerable to complete compromise when naturally occurring computational errors occur while the connection is being established. […] The vulnerability occurs when there are errors during the signature generation that … Read More “New SSH Vulnerability” »

Ten Ways AI Will Change Democracy

Posted on By infossl
artificial intelligence, laws, LLM, Security technology, Uncategorized

Artificial intelligence will change so many aspects of society, largely in ways that we cannot conceive of yet. Democracy, and the systems of governance that surround it, will be no exception. In this short essay, I want to move beyond the “AI-generated disinformation” trope and speculate on some of the ways AI will change how … Read More “Ten Ways AI Will Change Democracy” »