Security Bulletin

Meta has maintained that Facebook did not mislead investors by not including mention of the Cambridge Analytica scandal in its forward-looking risk disclosures, but the plaintiffs say it was a glaring omission.

Companies and organizations need to recognize the importance of investing in engineers who possess both the soft and hard skills required to secure open source software effectively.

Cisco is excited that Robust Intelligence, a recently acquired AI security startup, is mentioned in the 2024 Gartner Cool Vendors for AI Security report.

Here are three tips that will help people better understand what led them to cybersecurity – and how to succeed.

Cisco is committed to supporting Veterans through various programs, including the new Veteran Leadership Program, which helps Veterans transition into civilian careers and leverages their unique… Read more on Cisco Blogs

The first thing to do, when analyzing a potentially malicious PDF, is to look for the /Encrypt name as explained in diary entry Analyzing an Encrypted Phishing PDF.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

In yesterday's diary entry " zipdump & Evasive ZIP Concatenation" I showed how one can inspect the PKZIP records that make up a ZIP file.

On Friday's Stormcast, Johannes talks about Evasive ZIP Concatenation, a technique where 2 (or more) ZIP files are concatenated together to evade detection.

The SANS Holiday Hack Challenge is open early this year:

Large language models (LLMs) can help app security firms find and fix software vulnerabilities. Malicious actors are on to them, too, but here's why defenders may retain the edge.