Innovation’s Vulnerabilities: We must Always Remain Vigilant
News coverage routinely presents new technology as having solved security: the product is so advanced, or its features so unique, that a vulnerability will never arise. That story usually comes from the product's marketing team, which sells the security as futuristic and flawless. It never accounts for the determination, persistence, and curiosity of the hacker. As long as the technology exists, someone will try to break it.
Each round of innovation and patching is presented as a "gotcha" to attackers, as if the system could never be exploited again. Kubernetes, once promoted as the most secure container orchestration system, illustrates the pattern: a succession of vulnerabilities in closely related code paths, from CVE-2017-1002101 and CVE-2021-25749 through CVE-2022-1471 (a deserialization flaw in the SnakeYAML Java library rather than in Kubernetes itself) to the more recent CVE-2023-3676. Each was patched, and each was followed by a new way to escalate privileges through a crafted pod manifest or the code that parses YAML. The same thing happened with Log4Shell: once researchers finally took a deep look at Log4j, the first vulnerability was followed by several more.
Even when the innovation is itself a security tool, application, or feature, it is not immune. Both Zoom and WhatsApp have had documented weaknesses in their end-to-end encryption and in the clients that implement it.
Beyond these is the ever-growing sector of AI, for which OWASP has published a Top 10 of the most critical security risks for Large Language Model applications. A malicious use of these models appears in our discussion of AI's role in phishing. The more useful something becomes, the more ways there are to exploit it: every feature is also attack surface, and security and usability pull in opposite directions.
So, what can you do? Stay on top of patches and updates, and model your risk before a vulnerability is discovered rather than after. Book a demo to see how Glassportal can help: demo@glassportal.io