Aggregator

A vulnerability classified as problematic was found in Phpgurukul Tourism Management System 2.0. This vulnerability affects unknown code. The manipulation of the argument uname leads to cross site scripting. This vulnerability was named CVE-2024-41333. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic has been found in gl-inet AR750, AR750S, AR300M, AR300M16, MT300N-V2, B1300, MT1300, SFT1200, X750, MT3000, MT2500, AXT1800, AX1800, A1300, X300B, XE300, E750, AP1300, S1300, XE3000, X3000, B2200, MV1000, MV1000W, USB150, N300 and SF1200. This affects an unknown part of the component DDNS Client Handler. The manipulation leads to channel accessible by non-endpoint. This vulnerability is uniquely identified as CVE-2024-39229. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability was found in gl-inet AR750, AR750S, AR300M, AR300M16, MT300N-V2, B1300, MT1300, SFT1200, X750, MT3000, MT2500, AXT1800, AX1800, A1300, X300B, XE300, E750, AP1300, S1300, XE3000, X3000, B2200, MV1000, MV1000W, USB150, N300 and SF1200. It has been rated as critical. Affected by this issue is the function check_config. The manipulation leads to os command injection. This vulnerability is handled as CVE-2024-39228. The attack needs to be approached within the local network. There is no exploit available.

A vulnerability was found in gl-inet AR750, AR750S, AR300M, AR300M16, MT300N-V2, B1300, MT1300, SFT1200, X750, MT3000, MT2500, AXT1800, AX1800, A1300, X300B, XE300, E750, AP1300, S1300, XE3000 and X3000. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/glc. The manipulation leads to path traversal. This vulnerability is known as CVE-2024-39226. Access to the local network is required for this attack to succeed. There is no exploit available.

A vulnerability was found in gl-inet AR750, AR750S, AR300M, AR300M16, MT300N-V2, B1300, MT1300, SFT1200, X750, MT3000, MT2500, AXT1800, AX1800, A1300, X300B, XE300, E750, AP1300, S1300, XE3000 and X3000. It has been classified as critical. Affected is an unknown function. The manipulation leads to Privilege Escalation. This vulnerability is traded as CVE-2024-39225. It is possible to launch the attack remotely. There is no exploit available.

A vulnerability was found in Logsign Unified SecOps Platform 6.4.11 and classified as critical. This issue affects the function get_response_json_result. The manipulation leads to path traversal. The identification of this vulnerability is CVE-2024-7564. The attack may be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability has been found in IBM InfoSphere Information Server 11.7 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to information exposure through error message. This vulnerability was named CVE-2024-39751. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

Недавний всплеск атак совпал со стартом программы по развитию промышленности КНДР.

Samsung has launched a new bug bounty program for its mobile devices with rewards of up to $1,000,000 for reports demonstrating critical attack scenarios. [...]

At least two Russian nationals serving prison sentences for cybercrime offenses, Vladislav Klyushin and Roman Seleznev, were released as part of the landmark prisoner swap.

The post Joint Certification Program (DD 2345) appeared first on PreVeil.

The post Joint Certification Program (DD 2345) appeared first on Security Boulevard.

As AI usage becomes more prevalent in organizations globally, security teams must get full visibility into these applications. Building a comprehensive inventory of AI applications in your environment is a first step. Read on to learn what we found about AI application-usage in the real world when we analyzed anonymized telemetry data from scans using Tenable’s products.

Here’s a common scenario in enterprises today: Under the CISO’s guidance, the security team has set up rigorous processes to review and approve all artificial intelligence (AI) applications before they are deployed. An AI governance board and data review council have been established to ensure compliance with internal InfoSec policies. By all accounts, AI is being leveraged in a completely controlled manner on the hosts that are regularly monitored and patched.

Or is it?

A recent analysis of Tenable’s anonymized telemetry data shows that many security teams are finding usage of AI applications in their environment that might not have been provisioned via formal processes.

In other words, despite establishing formal policies and detailed procedures for deploying AI securely, many enterprises are discovering that their employees have taken a free hand with AI, creating a shadow IT problem.

What our telemetry data shows

Unquestionably, AI represents a great opportunity for organizations to improve and transform their operations, so it’s not surprising that the world is abuzz with the promise of AI. This technology is more pervasive than we could have ever imagined two years ago, and AI is everywhere – think of ChatGPT, Grammarly, H2O, Ollama and many others.

Over a recent 30-day period, Tenable scans found 1.7 million instances of AI applications on more than 287,000 hosts. Over 33% of customers that scanned using detections for AI applications found them in their environment. This is according to anonymized telemetry data from customers that agreed to share it with Tenable.

Because the data is anonymized and aggregated, it is not feasible to know the exact percentage of applications that were unapproved. However, even in cases where only a minority of the applications found were unapproved, their detection would have been critically important. That’s because AI applications that are unmanaged and unsecured represent a major risk. 

Obtaining a complete inventory of all your AI applications – approved and unapproved – gives you the visibility you need to protect your attack surface. Such an inventory also allows you to make sure that approved AI applications are being used properly and only by their authorized users.

Benchmarking Let's take a look at the top geographies

In terms of the raw number of times these AI plugins triggered detections, the Americas lead the way, followed by Europe, the Middle East and Africa (EMEA) and then Asia-Pacific (APAC.) However, EMEA ranked first with 22% of AI-related scans resulting in a detection while in APAC it was about 5% and the Americas at 18%. Our recommendation is to scan your environment regularly with the Tenable AI scan template because the percentages above denote a likely probability of detection of an AI application in your environment. 

AI usage by industry

Retail leads the way by a big margin followed by the Technology and Telecommunications sectors.

This chart shows a vertical-industry breakdown of triggers of Tenable’s AI plugins.

AI usage by size of organization

As expected, the number of detections vary depending on the size of the organization. Small organizations can easily see up to 100 detections a day while the very large ones are seeing 30,000-plus detections a day for AI applications. 

AI browser plugins

There are hundreds of browser plugins leveraging AI. The most popular ones are: 

AppRaw counts in Tenable scansGrammarly: AI writing and grammar-checker App6,781,023LanguageTool: AI grammar-checker and paraphraser1,726,138Magical: AI writer and autofill text expander534,502Scribe: AI documentation, SOPs and screenshots284,470QuillBot: AI writing and grammar-checker Tool244,424Wordtune: Generative AI productivity platform198,134ChatGPT for Google116,122AI zero days

There are over 400 vulnerabilities disclosed in AI applications so far and Tenable's researchers have discovered a handful as well that are in various stages of disclosure. Among those that have been published are NextChat Server-Side Request Forgery / Cross-Site Scripting and SSRF Security Feature Bypass in Azure AI and ML Studios. 

This number is still very small as AI security is in the nascent stage: 400 vulnerabilities is a small drop in the ocean when compared to the tens of thousands disclosed each year overall. However, we are only getting started with AI security in the ecosystem as a whole.

What can you do to elevate your security posture further?

• Be in the know. Build an inventory of AI applications found in the organization and correlate with the ones that have been approved by the AI governance board of the organization. 
• Regularly scan with plugins released for Tenable Vulnerability Management, Tenable Security Center, Tenable Nessus, Tenable Nessus Network Monitor, Tenable WebApp Scanning and Tenable OT Security.
• Leverage dashboard templates in Tenable Vulnerability Management and Tenable Security Center to review findings from the plugins.
• Mitigate frequently.
• You should never trust user inputs, and AI isn’t an exception. Follow first principles of security, security best practices and validate, validate, validate. Check out our blog about this topic.

Below you'll find links to our plugins for Tenable Vulnerability Management, Tenable Web App Scanning and Tenable Nessus Network Monitor.

VM plugins 

WAS plugins 

NNM plugins 

via the inimitable Daniel Stori at Turnoff.US!

Permalink

The post Daniel Stori’s ‘The chroot Case’ appeared first on Security Boulevard.

Новый вредоносный дроппер обходит защиту Android 13 с пугающей лёгкостью.