Rule Update
19-043 (August 20, 2019)
Publish date: August 20, 2019
DESCRIPTION
* indicates a new version of an existing rule
Deep Packet Inspection Rules:
Asterisk Server IAX2
1003583* - Asterisk IAX2 Resource Exhaustion Denial Of Service
1003778* - Digium Asterisk IAX2 Call Number Denial Of Service
DCERPC Services
1001852* - Identified Attempt To Brute Force Windows Login Credentials (ATT&CK T1110)
DHCP Failover Protocol Server
1009939 - Microsoft Windows DHCP Server Failover Denial Of Service Vulnerability (CVE-2019-1206)
DNS Client
1003329* - DNS Server Response Validation Vulnerability
1005020* - Detected Too Many DNS Responses With 'No Such Name' Error
1002596* - Generic Malicious DNS Server Detection
1002657* - Identified Too Many DNS Responses
Database MySQL
1005045* - MySQL Database Server Possible Login Brute Force Attempt (ATT&CK T1110)
Database Oracle
1004997* - Detected Too Many Oracle TNS Service Register Requests
1001832* - Oracle Database Server Possible Brute Force Attempt (ATT&CK T1110)
Database PostgreSQL
1000481* - PostgreSQL Encoded String Handling SQL Command Injection
FTP Server Common
1002413* - FTP Server Possible Brute Force Attempt (ATT&CK T1110)
Instant Messenger Applications
1002159* - Skype
Ipswitch WS_FTP Logging Server Daemon
1003789* - Ipswitch FTP Log Server Denial Of Service Vulnerability
MS-RDPEUDP2
1009940 - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1224)
1009941 - Microsoft Windows RDP Server Information Disclosure Vulnerability (CVE-2019-1225)
Mail Client Miscellaneous
1001206* - IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows
1001174* - IPSwitch IMail Client MIME Type Boundary Variable Buffer Overflow
1004314* - Identified LNK/PIF File Over SMTP
1000207* - Mozilla Thunderbird WYSIWYG Engine Filtering IFRAME JavaScript Execution
Mail Client Outlook
1000482* - Microsoft Outlook Rich Text TNEF Decoding Buffer Overflow
1000904* - Microsoft Outlook VEVENT Remote Code Execution
1000777* - Microsoft Outlook VML Rect Fill Method Buffer Overflow
Mail Client Outlook Express
1003148* - Microsoft Outlook Express Malformed MIME Message Denial Of Service
1003149* - Microsoft Outlook Express Malformed MIME Message DoS
Mail Client Windows
1003319* - Adobe Acrobat And Reader PDF File Handling Remote Code Execution Vulnerability.
1001311* - Adobe Acrobat Mailto PDF File Command Execution Vulnerability.
1001320* - CA Product AV Engine CAB Header Parsing Stack Overflow.
1001204* - IBM Lotus Notes Lotus 1-2-3 Work Sheet File Viewer Buffer Overflows.
1001310* - Microsoft DirectX WAV File Parsing Code Execution Vulnerability.
1000949* - Microsoft OLE Dialog Code Execution.
1001201* - Microsoft Office Jet DataBase Engine MDB File Parsing Buffer Overflow.
1001268* - Microsoft Outlook VML Buffer Overflow.
1001207* - Microsoft PowerPoint Malformed Data Record Code Execution.
1001231* - Microsoft PowerPoint Unspecified Code Execution.
1001232* - Microsoft Publisher Font Parsing Buffer Overflow.
1001004* - Microsoft Windows ANI File Remote Code Execution.
1000244* - Microsoft Windows EOT File Remote code execution vulnerability Client
1001190* - Microsoft Windows Explorer WMF File Denial Of Service.
1001269* - Microsoft Windows Media Format ASF Parsing Remote Code Execution (CVE-2007-0064)
1001270* - Microsoft Windows Media Player MP4 File Stack Overflow.
1000215* - Microsoft Windows PPT File Routing Slip Code Execution
1000973* - Microsoft Windows Vista Windows Mail Local File Execution
1000243* - Microsoft Windows WMF "SETABORTPROC" Code Execution.
1000240* - Microsoft Windows WMF ExtEscape and ExtCreateRegion DoS.
1001227* - Microsoft Word 2000 Unspecified Code Execution.
1001233* - Microsoft Word Code Execution Vulnerability.
1001234* - Microsoft Word Memory Corruption Remote Code Execution.
1001193* - Microsoft Word RTF Documents Parsing Remote Code Execution.
1001376* - Multiple Browser QuickTime Command Execution.
1002444* - Novell GroupWise Client mailto: Scheme Buffer Overflow
Mail Server Common
1000161* - Microsoft Windows EOT File Remote Code Execution Vulnerability
1000162* - Microsoft Windows WMF "SETABORTPROC" Arbitrary Code Execution
Mail Server Exim
1004549* - Exim Crafted Header Remote Code Execution Vulnerability
Mail Server Microsoft Exchange
1000456* - Calendar Remote Code Execution Vulnerability.
1000993* - Microsoft Exchange Malformed iCal Denial of Service
1000614* - Microsoft Exchange Server Outlook Web Access Script Injection Vulnerability
1000467* - Microsoft Exchange TNEF Decoding Buffer Overflow
1002946* - Microsoft Outlook Web Access For Exchange Server 'redir.asp' URI Redirection Vulnerability
Mail Server Miscellaneous
1000429* - E-Post SMTP "AUTH PLAIN" And "AUTH LOGIN" Command Vulnerability
1003512* - Multiple XSS Vulnerabilities In Sun Communications Express
Media Streaming Server RealServer
1003632* - Detected Too Many Malicious Outbound RealNetworks Helix Server RTSP Requests
Microsoft Office
1009854* - Microsoft Excel Remote Code Execution Vulnerability (CVE-2019-1111)
1000213* - Microsoft Excel rtSERIES, rtSIINDEX, BOOLERR Record Chart Parsing Code Execution
1009023* - Microsoft Office Graphics Remote Code Execution Vulnerability (CVE-2018-1028)
1000258* - Microsoft Office XLW File Array Index Out Of Bounds DOS Vulnerability
1009909* - Microsoft Word Remote Code Execution Vulnerability (CVE-2019-1201)
NFS Server
1003401* - Disallow Device Node Creation Over NFS
Novell GroupWise Internet Agent
1003525* - Novell GroupWise Internet Agent SMTP Command Remote Buffer Overflow
Pidgin Instant Messenger
1004013* - Pidgin Multiple Denial Of Service Vulnerabilities
Protocol MSN
1004361* - Windows Live Messenger Animation Remote Denial Of Service
SSL Client
1009915 - Identified WhatsApp Registration (ATT&CK T1102)
1009932 - Telegram Bot API Usage (Used by Telecrypt) (ATT&CK T1102)
SSL Client Applications
1009914 - Identified Github Authentication (ATT&CK T1102)
Unix Telnet
1002414* - Telnet Server Possible Brute Force Attempt (ATT&CK T1110)
VoIP Smart
1000350* - No Content in INVITE Request
1000366* - OPTIONS Method Information Disclosure
1000384* - Unauthorized INVITE and REGISTER Requests
Web Administrator Websense Email Security
1003811* - Websense Email Security And Email Manager 'STEMWADM.EXE' Remote Denial Of Service
Web Application Common
1009911 - Identified Twitter Command & Control Communication (ATT&CK T1102)
Web Application PHP Based
1006607* - Identified Drupal Password Reset Request
Web Application Tomcat
1000638* - Apache Tomcat "Tomcat Manager" Cross-Site Scripting
1000697* - Directory Listing in Apache Tomcat 5.x.x
Web Client Common
1008739* - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB17-36) - 1
1009916 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 1
1009917 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 2
1009918 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 3
1009919 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 4
1009920 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 5
1009921 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 6
1009922 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 7
1009923 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 8
1009924 - Adobe Acrobat And Reader Multiple Security Vulnerabilities (APSB19-41) - 9
1000943* - Detect UPX Packed Executable Download (ATT&CK T1045)
1004596* - Detected Night Dragon Network Communication
1009912 - Detected Vkontakte Site Access Over HTTP (ATT&CK T1102)
1009913 - Identified Pastebin Communication (ATT&CK T1102)
1009483* - Linux APT Remote Code Execution Vulnerability (CVE-2019-3462)
1009851* - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1093)
1009852* - Microsoft DirectWrite Information Disclosure Vulnerability (CVE-2019-1097)
1009933 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1155)
1009934 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1156)
1009936 - Microsoft Jet Database Engine Remote Code Execution Vulnerability (CVE-2019-1157)
1009938 - Microsoft Windows 'gdiplus' Font Parsing Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1154)
1009927 - Microsoft Windows EMF Graphic Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1143)
1009929 - Microsoft Windows Font Subsetting Library Double Free Remote Code Execution Vulnerability (CVE-2019-1144)
1009928 - Microsoft Windows Font Subsetting Library Out-Of-Bounds Read Information Disclosure Vulnerability (CVE-2019-1148)
1009930 - Microsoft Windows Font Subsetting Library Use-After-Free Remote Code Execution Vulnerability (CVE-2019-1145)
1009765* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2018-8472)
1009856* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1094)
1009857* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1095)
1009858* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1098)
1009859* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1099)
1009860* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1100)
1009861* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1101)
1009862* - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1116)
1009935 - Microsoft Windows GDI Information Disclosure Vulnerability (CVE-2019-1158)
1009926 - Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2019-1146)
1009925 - Microsoft Windows JET Database Engine Out-Of-Bounds Write Remote Code Execution Vulnerability (CVE-2019-1147)
1009937 - Microsoft XmlLite Runtime Denial of Service Vulnerability (CVE-2019-1187)
Web Client Internet Explorer/Edge
1005202* - Microsoft Internet Explorer 'cloneNode' Use After Free Vulnerability (CVE-2012-2557)
Web Server HTTPS
1009931 - Identified HTTP/2 Traffic
Web Server IIS
1004409* - Microsoft .NET Framework ASP.NET 'Padding Oracle' Information Disclosure Vulnerability
1003671* - Microsoft ASP.NET Remote Unauthenticated Denial Of Service Vulnerability (CVE-2009-1536)
1000532* - Microsoft IIS 4.0/5.0 Malformed .htr Request Vulnerability
1000439* - Microsoft IIS Source Code Disclosure Vulnerability
1000390* - WEB-IIS .bat/.cmd remote command execution
Integrity Monitoring Rules:
There are no new or updated Integrity Monitoring Rules in this Security Update.
Log Inspection Rules:
There are no new or updated Log Inspection Rules in this Security Update.