Andy's News Roundup

Mitigating RBAC-Based Privilege Escalation in Popular Kubernetes Platforms


Executive Summary: Prisma Cloud and Unit 42 recently released a report examining the use of powerful credentials in popular Kubernetes platforms, which found most platforms install privileged infrastructure components that could be abused for privilege escalation. We're happy to share that, as of today, all platforms mentioned in our report have addressed built-in node-to-admin privilege escalation. However, it’s possible third-party add-ons might reintroduce...

ChatGPT Creates a Working WordPress Plugin – On the First Try


ChatGPT passed 1 million users today and Twitter is brimming with a steady stream of creative questions and applications for the AI-powered chatbot. The language model, created by OpenAI, is powered by GPT-3.5, a series of models trained on text and code from before Q4 2021. The model features a dialogue format that gives ChatGPT the ability to “answer followup questions, admit its mistakes, challenge incorrect premises, and reject inappropriate requests.” While some are busy predicting the end of search engines and sounding the death knell for human-generated writing, others are fascinated by the potential of AI systems to...

Ferrari, BMW, Rolls Royce, Porsche and more fix vulnerabilities giving car takeover capabilities


Several of the biggest car brands in the world have fixed dozens of vulnerabilities, some of which could have allowed for the full takeover of vehicles, according to a team of security researchers. The bugs were found in Mercedes-Benz, BMW, Rolls Royce, Ferrari, Ford, Porsche, Toyota, Jaguar and Land Rover vehicles, as well as GPS tracking company Spireon and digital license plate company Reviver. The findings build on issues discovered in November by Yuga Labs staff security engineer Sam Curry, who drew attention two months ago for finding vulnerabilities in Hyundai and Genesis vehicles as well as issues related...
