AI security researchers from Robust Intelligence and Yale University have designed a machine learning technique that can speedily jailbreak large language models (LLMs) in an automated fashion. “The method, known as the Tree of Attacks with Pruning (TAP), can be…
Tag: Help Net Security
Ransomware in 2024: Anticipated impact, targets, and landscape shift
As ransomware continues to be on the rise, we can expect groups to continue to evolve their attacks and operate at a larger scale for bigger profits. This will put organizations at higher risk if they don’t adopt a more…
Using AI and automation to manage human cyber risk
Despite advanced security protocols, many cybersecurity incidents are still caused by employee actions. In this Help Net Security video, John Scott, Lead Cybersecurity Researcher at CultureAI, discusses how integrating AI and automation into your cybersecurity strategy can improve employee behaviors…
Third-party breaches shake the foundations of the energy sector
90% of the world’s largest energy companies experienced a third-party breach in the past 12 months, according to SecurityScorecard. Powering the global economy and everyday activities, the energy sector’s significance makes it a key focus for cyber threats. The urgency…
OpenTofu: Open-source alternative to Terraform
OpenTofu is an open-source alternative to Terraform’s widely used Infrastructure as Code provisioning tool. Previously named OpenTF, OpenTofu is an open and community-driven response to Terraform’s recently announced license change from a Mozilla Public License v2.0 (MPLv2) to a Business…
Panther Labs introduces Security Data Lake Search and Splunk Integration capabilities
Panther Labs launched its new Security Data Lake Search and Splunk Integration capabilities. These offerings mark a critical leap forward in managing security risks in today’s cloud-first landscape. As organizations race to implement machine learning capabilities, they’re increasingly reliant on…
CISA: Adobe ColdFusion flaw leveraged to access government servers (CVE-2023-26360)
Unknown attackers have leveraged a critical vulnerability (CVE-2023-26360) in the Adobe ColdFusion application development platform to access government servers, the Cybersecurity and Infrastructure Security Agency (CISA) has shared. About the exploited vulnerability CVE-2023-26360 is a deserialization of untrusted data vulnerability…
Atlassian fixes four critical RCE vulnerabilities, patch quickly!
Atlassian has released security updates for four critical vulnerabilities (CVE-2023-1471, CVE-2023-22522, CVE-2023-22524, CVE-2023-22523) in its various offerings that could be exploited to execute arbitrary code. About the vulnerabilities CVE-2022-1471 is a deserialization flaw in the SnakeYAML library for Java that…
Data Theorem releases API Attack Path Visualization for enhanced API and Software supply chain security
Data Theorem has introduced the API Attack Path Visualization capabilities for the protection of APIs and the software supply chain. This latest enhancement of its API Secure solution empowers organizations with a comprehensive understanding of the attack chain, traversing all…
Atsign releases SSH No Ports 4.0 with Windows support and SDK
Atsign has unveiled the release of SSH No Ports 4.0. SSH No Ports is a system administration tool used to access remote systems (gateways, industrial PCs, and many other devices) via SSH from anywhere, without the need for network configuration,…