You build a derivation yourself... which I never do. I am on mac so I brew install and orchestrate brew from home manager. I find it works good as a compromise.
A framework to securely use LLMs in companies - Part 1: Overview of Risks
Part 1 of a multi-part series on using LLMs securely within your organisation. This post provides a framework to categorize risks based on different use cases and deployment type.
The Orca Research Pod discovered Bad.Build, a vulnerability in the Google Cloud Build service that enabled attackers to gain access to and escalate privileges.
Impact of remote-code execution vulnerability in LangChain
PoisonGPT: How we hid a lobotomized LLM on Hugging Face to spread fake news
We will show in this article how one can surgically modify an open-source model, GPT-J-6B, and upload it to Hugging Face to make it spread misinformation while being undetected by standard benchmarks.
ALFA: Automated Audit Log Forensic Analysis for Google Workspace
ALFA stands for Automated Audit Log Forensic Analysis for Google Workspace. You can use this tool to acquire all Google Workspace audit logs and to perform automated forensic analysis on the audit ...
cross-posted from: https://infosec.pub/post/397812
Automated Audit Log Forensic Analysis (ALFA) for Google Workspace is a tool to acquire all Google Workspace audit logs and perform automated forensic analysis on the audit logs using statistics and the MITRE ATT&CK Cloud Framework.
By Greg Charitonos and BertJanCyber
We built a passwordless container image registry with a focus on security to sustain the foundation for ongoing product growth & feature additions for our users.
We’ve made a few changes to the way we host and distribute our Images over the last year to increase security, give ourselves more control over the distribution, and most importantly to keep our costs under control [...]
Kubernetes Security Basics Series Part I - Deployment and Container Orchestration
This first post in a 9-part series on Kubernetes Security basics focuses on DevOps culture, container-related threats and how to enable the integration of security into the heart of DevOps.
Kubernetes Grey Zone: Risks in Managed Cluster Middleware
Are your managed Kubernetes clusters safe from the risks posed by middleware components? Learn how to secure your clusters and mitigate middleware risks.
## Summary ESPv2 contains an authentication bypass vulnerability. API clients can craft a malicious `X-HTTP-Method-Override` header value to bypass JWT authentication in specific cases. ## Ba...
Microsoft says the early June disruptions to its Microsoft’s flagship office suite — including the Outlook email apps — were denial-of-service attacks by a shadowy new hacktivist group.
Enterprise Purple Teaming: an Exploratory Qualitative Study
Purple Team Resources for Enterprise Purple Teaming: An Exploratory Qualitative Study by Xena Olsen. - GitHub - ch33r10/EnterprisePurpleTeaming: Purple Team Resources for Enterprise Purple Teaming:...
CL0P Ransomware Gang Exploits CVE-2023-34362 MOVEit Vulnerability
I've been experimenting with the feasibility of running Dagger CI/CD pipelines isolated from each other using Firecracker microVMs to provide a strong security model in a multi-tenant scenario. When customer A runs a pipeline, their containers are executed in an isolated environment.
Securing the EC2 Instance Metadata Service
A look at how the EC2 Instance Metadata Service can be taken advantage of.
Here are some ways that we expect products to surface to help security practitioners solve these problems
Not really technical, but gives some pointers to wrap your head around the problem
Also, hackers publish RaidForum user data, Google's $180k Chrome bug bounty, and this week's vulnerabilities
"Toyota said it had no evidence the data had been misused, and that it discovered the misconfigured cloud system while performing a wider investigation of Toyota Connected Corporation's (TC) cloud systems.
TC was also the site of two previous Toyota cloud security failures: one identified in September 2022, and another in mid-May of 2023.
As was the case with the previous two cloud exposures, this latest misconfiguration was only discovered years after the fact. Toyota admitted in this instance that records for around 260,000 domestic Japanese service incidents had been exposed to the web since 2015. The data lately exposed was innocuous if you believe Toyota – just vehicle device IDs and some map data update files were included. "
AI Risk Database
"database [...] specifically designed for organizations that rely on AI for their operations, providing them with a comprehensive and up-to-date overview of the risks and vulnerabilities associated with publicly available models."
welcome
ahah thank you, we shall all yell together then
Introduce yourself!
đź‘‹ infra sec blue team lead for a large tech company
