Zafran Labs identified 2 critical vulns in Chainlit, a widely used AI framework. The flaws allow attackers to leak cloud API keys and steal sensitive files, as well as perform SSRF against servers hosting AI applications. @0xgalz @ido__shani https://t.co/4lJ92HhKs5
@Zafran_io is out with fresh research!
We found that 20% of Fortune 1000 companies fail to properly configure their CDN-WAF solutions, leading to a very widespread WAF bypass that can allow DDoS attacks, or exploitation of *unprotected* Web-Apps!
https://t.co/bbJUjc0RIG
This research represents the high degree of chaos that exists in cybersecurity nowadays - a swath of applications, complex network layouts, and security tools, that many times are actually left exposed and insecure. (in)security through over complexity.
Today, @Zafran_io emerges from stealth to introduce the world's first risk and mitigation platform, empowering security teams to mobilize existing security controls and defuse threat exploitation beyond patching. We're thrilled to be part of their journey!
https://t.co/Fo5LcZkEbo
Within minutes of meeting @sanazyashar, I wanted to work with her – she is smart, resilient and makes ample use of the word “we.” Sanaz, @BenSeri87, @snir_h and the @Zafran_io team continue to impress us @Sequoia, and we are proud to lead their Series A.
https://t.co/mm1eq7Ykxt
Security teams desperately need respite from the endless toil of patching every vulnerability. That's where @Zafran_io comes in! @sanazyashar, @BenSeri87 and Snir Havdala have created a Risk & Mitigation Platform that defuses threats by using existing security tools. We @sequoia are proud to lead their Series A.
https://t.co/fyvO2mJbNH
After a few years of dropping 0days, it is time to start mitigating vulnerabilities at scale.
It is an honor to start a company with my great co-founders @sanazyashar and @snir_h!
Excited about the ride ahead 🚀
@giliraanan @Lior_Simon_
🎉 We are happy to announce Zafran Security is officially out of stealth with the world's first Risk & Mitigation Platform. 🎉 To learn more visit: https://t.co/VzCq9GDG24
@MehrdadNoush @Laughing_Mantis We actually demoed such an attack at @ArmisSecurity a few years ago, by targeting Aruba access points that had built-in Bluetooth, and breached our office's internal network using a drone. Crazy it happens today IRL
https://t.co/vGMASrHMHS
TLStorm2.0 - A set of critical vulnerabilities for Aruba and Avaya switches that can break network segmentation. Research by @AfutaNoam @Gal_Levy92 @TheYuvalShow, taking a closer look at TLS implementations of widely used switches.
Demo video on https://t.co/3rGI0UppWj
🧵⬇️ 1/4
Today at Nullcon, @Gal_Levy92 and @TheYuvalShow from Armis Research Labs presented TLStorm - A set of vulnerabilities that can allow attackers to gain complete control over Smart UPS devices from the internet. Live demo of a UPS frying itself using RCE in the attached photo