Technology

When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

Jun 27, 2024 By Natan Nehorai In JFrog

In the rapidly evolving fields of large language models (LLMs) and machine learning, new frameworks and applications emerge daily, pushing the boundaries of these technologies. While exploring libraries and frameworks that leverage LLMs for user-facing applications, we came across the Vanna.AI library – which offers a text-to-SQL interface for users – where we discovered CVE-2024-5565, a remote code execution vulnerability via prompt injection techniques.

Read Post

JFrog

Read more about When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI

OpenAI Unveils GPT-4o, LangChain v0.2 and More - Monthly AI News

Jun 27, 2024 By Rahul Sharma In Protecto

OpenAI has reported launching its latest flagship model, GPT-4o, alongside a suite of advanced tools now available to free ChatGPT users. This move aligns with OpenAI's mission to advance AI technology and make it accessible and beneficial to everyone.

Read Post

Protecto

Read more about OpenAI Unveils GPT-4o, LangChain v0.2 and More - Monthly AI News

Kroll insights hub highlights key AI security risks

Jun 27, 2024 By Mark Nicholls In Redscan

From chatbots like ChatGPT to the large language models (LLMs) that power them, managing and mitigating potential AI vulnerabilities is an increasingly important aspect of effective cybersecurity. Kroll’s new AI insights hub explores some of the key AI security challenges informed by our expertise in helping businesses of all sizes, in a wide range of sectors. Some of the topics covered on the Kroll AI insights hub are outlined below.

Read Post

Redscan

Read more about Kroll insights hub highlights key AI security risks

Accelerate investigations with Datadog Cloud SIEM Risk Insights for AWS, GCP, and Azure entities

Jun 26, 2024 By Amanda Quach In Datadog

Managing dynamic cloud environments is an ongoing challenge for organizations as they scale and innovate. Protecting assets, data, and reputations is more important than ever, yet detecting insider threats, compromised accounts, and unusual behavior in an environment remains complex. Traditional SIEM solutions often focus on reactive, event-driven insights, but to meet today’s evolving needs, many teams are embracing proactive approaches like user and entity behavior analytics (UEBA).

Read Post

Datadog

Read more about Accelerate investigations with Datadog Cloud SIEM Risk Insights for AWS, GCP, and Azure entities

Configuring RADIUS | JumpCloud University Tutorial (2024)

Jun 26, 2024 By JumpCloud In JumpCloud

In this tutorial, you'll see how to configure JumpCloud's Cloud RADIUS for your organization, Wireless or VPN networks. JumpCloud's Cloud RADIUS allows you to use either JumpCloud or Azure AD as your identity provider. Cloud RADIUS also supports Certificate Based Authentication, allowing you to bring your own certificates for Passwordless authentication. To discover more resources checkout JumpCloud University where you’ll find courses, tutorial videos, engaging guided simulations, and end user content.

View Video

JumpCloud

Read more about Configuring RADIUS | JumpCloud University Tutorial (2024)

CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

Jun 26, 2024 By Wallarm In Wallarm

PrestaShop is a free, open-source E-commerce platform launched in 2007. Built with PHP and MySQL, it offers customizable, scalable solutions for online stores. Features include product management, inventory tracking, and payment processing. Supporting multiple languages and currencies, it's ideal for small to medium businesses worldwide. Built by Promokit, the pkFacebook add-on integrates PrestaShop with Facebook, enabling product catalog sync, dynamic ads, and Facebook Shop creation.

Read Post

Wallarm

Read more about CVE-2024-36680: SQL Injection Vulnerability in Facebook's PrestaShop Module Exposes Thousands of E-commerce Sites to Credit Card Fraud

JUMPSEC Red Teaming in the cloud forecast for the future

Jun 26, 2024 By JUMPSEC In JUMPSEC

A red teamer’s forecast – Cloudy with a chance of hacks Our adversarial simulation team will outline how attackers exploit cloud infrastructure and offer strategies to counter their efforts. Key insights involve recognising significant security risks in cloud adoption, including emerging attack vectors, comprehending hacker tactics in cloud settings, and swiftly implementing effective measures to safeguard cloud environments.

View Video

JUMPSEC

Read more about JUMPSEC Red Teaming in the cloud forecast for the future

The Double-Edged Sword of AI: Empowering Cybercriminals and the Need for Heightened Cybersecurity Awareness

Jun 26, 2024 By Javvad Malik In KnowBe4

The BBC recently reported that Booking.com is warning that AI is driving an explosion in travel scams. Up to 900% in their estimation - making it abundantly clear that while AI can be a force for good, it can also be a formidable weapon in the arsenal of cybercriminals. One of the most concerning trends we've observed is the increasing use of AI by cybercriminals to carry out sophisticated phishing attacks.

Read Post

KnowBe4

Read more about The Double-Edged Sword of AI: Empowering Cybercriminals and the Need for Heightened Cybersecurity Awareness

Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security

Jun 26, 2024 By Cody Queen In CrowdStrike

We’re thrilled to share that the CrowdStrike Falcon sensor now fully supports Google Cloud Run, bringing advanced security capabilities to your serverless applications. While we announced this at Google Cloud Next in April 2024, this blog goes deeper into the integration and shares how customers leveraging Google Cloud Run and CrowdStrike can deploy Falcon quickly to enhance their serverless security requirements.

Read Post

CrowdStrike

Read more about Falcon Cloud Security Supports Google Cloud Run to Strengthen Serverless Application Security

What Drives an SME's Approach to Implementing AI?

Jun 26, 2024 By Kate Lake In JumpCloud

AI’s rise in both the business and consumer worlds has been astonishingly exponential. Businesses are using AI to generate content, analyze data, automate processes, and more. But small and medium-sized enterprises (SMEs) look and act very differently from their enterprise counterparts. This prompts the question: How are SMEs approaching AI? Recent data from a 2024 JumpCloud study of SME IT may help answer it.

Read Post