It seems that everyone is rushing to embed artificial intelligence into their solutions, and security offerings are among the latest to obtain this shiny new thing. Like many, I see the potential for AI to help bring about positive change, but also its potential as a threat vector.
To some, recent AI developments are a laughing matter. On April 1, 2023, that traditional day when technology and social media sites love to pull a fast one on us and engage in often elaborate pranks, the Twitter account for the MITRE ATT&CK platform launched the #attackgpt Twitter bot, which invited users to employ the hashtag #attackgpt, which would generate an “AI” response to questions about the anti-hacker knowledge base. In reality, it was an April fool’s prank with MITRE’s social media team cranking out funny answers in the guise of a chatbot.
CISOs are no longer only responsible for the cybersecurity of systems used internally. In many organizations they also focus on securing products and public-facing applications, and one way to do this well is through risk assessment.
Assessing risk requires identifying baseline security criteria around key elements such as customer contracts and regulatory requirements, Neil Lappage, partner at LeadingEdgeCyber and ISACA member, tells CSO. “From the start, you’ve got things you’re committed to such as requirements in customer contracts and regulatory requirements and you have to work within those parameters. And you need to understand who your interested parties are, the stakes they’ve got in the game, and the security objectives.”
This vulnerability allows local attackers to escalate privileges on affected installations of G Data Total Security. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability.
It was reported that cairosvg, a SVG converter based on Cairo, can send
requests to external hosts when processing specially crafted SVG files
with external file resource loading. An attacker can take advantage of
this flaw to perform a server-side request forgery or denial of service.
Fetching of external files is disabled by default with this update.
It was discovered that Ghostscript, the GPL PostScript/PDF interpreter,
is prone to a buffer overflow vulnerability in the (T)BCP encoding
filters, which could result in the execution of arbitrary code if
malformed document files are processed (despite the -dSAFER sandbox
being enabled).
