Feb 23, 2024NewsroomRed Teaming / Artificial Intelligence Microsoft has released an open access automation framework called PyRIT (short for Python Risk Identification Tool) to proactively identify risks in generative artificial intelligence (AI) systems. The red teaming tool is designed to “enable every organization across the globe to innovate responsibly with the latest artificial intelligence advances,” […]
Google has released its fuzzing framework as an open source resource to help developers and researchers improve how they find software vulnerabilities. The framework, which automates manual aspects of fuzz testing, uses large language models (LLMs) to write project-specific code to boost code coverage. The open source fuzzing tool includes support for Vertex AI code-bison, […]
A critical vulnerability in Ray, an open source compute framework for AI, could allow unauthorized access to all nodes, cybersecurity firm Bishop Fox warns. Tracked as CVE-2023-48023, the bug exists because Ray does not properly enforce authentication on at least two of its components, namely the dashboard and client. A remote attacker can abuse this […]
MITRE has released MITRE ATT&CK v14, the newest iteration of its popular investigation framework / knowledge base of tactics and techniques employed by cyber attackers. MITRE ATT&CK v14 ATT&CK’s goal is to catalog and categorize behaviors of cyber adversaries in real-world attacks. The framework is constantly being adapted to include new and modified behaviors related […]
An updated version of a sophisticated backdoor framework called MATA has been used in attacks aimed at over a dozen Eastern European companies in the oil and gas sector and defense industry as part of a cyber espionage operation that took place between August 2022 and May 2023. “The actors behind the attack used spear-phishing […]
A malicious package hosted on the NuGet package manager for the .NET Framework has been found to deliver a remote access trojan called SeroXen RAT. The package, named Pathoschild.Stardew.Mod.Build.Config and published by a user named Disti, is a typosquat of a legitimate package called Pathoschild.Stardew.ModBuildConfig, software supply chain security firm Phylum said in a report […]
The Enduring Security Framework (ESF) Software Supply Chain Working Panel, a collaboration between the public and private sector, has provided industry best practices and principles which vendors, developers, and consumers may reference for their own security and protection against supply chain attacks. These references are divided across distinct responsibilities as they relate to all parties […]