Security Bulletin

Just like you should check the quality of the ingredients before you make a meal, it's critical to ensure the integrity of AI training data.

Today, Cisco released security updates to address ArcaneDoor—exploitation of Cisco Adaptive Security Appliances (ASA) devices and Cisco Firepower Threat Defense (FTD) software. A cyber threat actor could exploit vulnerabilities ( CVE-2024-20353, CVE...

CISA has added three new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. CVE-2024-20353 Cisco ASA and FTD Denial of Service Vulnerability CVE-2024-20359 Cisco ASA and FTD Privilege Escalation...

AI presents great risks, but also promises many benefits – here’s how we can walk that tightrope safely.

(c) SANS Internet Storm Center. https://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.

A while back I got an email from Perry, one of our readers who was having a problem using my cvescan script, which I covered in a 3 part story back in 2021:

Arbitrary code in Lambda Layers may be unsafely executed in older versions of Keras.

Dark Reading talks cloud security with John Kindervag, the godfather of zero trust.

Growing attacks targeting the flaw prompted CISA to include it in the known exploited vulnerabilities catalog earlier this month.

An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.

Change Healthcare owner UnitedHealth Group acknowledges some customer protected health information leaked on dark web.