Just last week the UK’s NCSC issued a warning, stating that it sees alarming potential for so-called prompt injection attacks, driven by the large language models that power AI. The NSCS stated “Amongst the understandable excitement around LLMs, the global tech community still doesn‘t yet fully understand LLM’s capabilities, weaknesses, and (crucially) vulnerabilities.
During a recent customer engagement, I came across an instance of a rather rare vulnerability class called HTTP request smuggling. Over the course of several grueling days of exploit development, I was eventually able to abuse this vulnerability to trigger a response queue desynchronization, allowing me to capture other users’ requests, leading to session hijacking.
This release, we’re really excited about major improvements to Calico’s workload-centric WAF. We’ve made it much easier for users to configure and deploy the WAF in just a few clicks and we’ve also made it much easier to review and manage WAF alerts through our new Security Events feature.
The fastest adversary can “break out” — or move laterally — in only seven minutes after compromising an endpoint. Yes, you heard that right. Seven minutes. In the relentless race against adversaries, every second counts. To avoid breaches, you need to detect and stop adversaries before they can break out and expand their realm of control.
Today’s edition of GRC Newsflash features our Compliance Specialist Frank Kyazze, and covers Risk Updates from the SEC announced on July 26, 2023.
