Category: cyberattack

Auto Added by WPeMatico

Autonomous AI Hacking and the Future of Cybersecurity

Posted on By infossl
AI, cyberattack, hacking, LLM, Security technology, Uncategorized, vulnerabilities

AI agents are now hacking computers. They’re getting better at all phases of cyberattacks, faster than most of us expected. They can chain together different aspects of a cyber operation, and hack autonomously, at computer speeds and scale. This is going to change everything. Over the summer, hackers proved the concept, industry institutionalized it, and … Read More “Autonomous AI Hacking and the Future of Cybersecurity” »

Daniel Miessler on the AI Attack/Defense Balance

Posted on By infossl
AI, cyberattack, defense, Security technology, Uncategorized

His conclusion: Context wins Basically whoever can see the most about the target, and can hold that picture in their mind the best, will be best at finding the vulnerabilities the fastest and taking advantage of them. Or, as the defender, applying patches or mitigations the fastest. And if you’re on the inside you know … Read More “Daniel Miessler on the AI Attack/Defense Balance” »

US Disrupts Massive Cell Phone Array in New York

Posted on By infossl
cell phones, cyberattack, denial of service, infrastructure, Security technology, telecom, Uncategorized

This is a weird story: The US Secret Service disrupted a network of telecommunications devices that could have shut down cellular systems as leaders gather for the United Nations General Assembly in New York City. The agency said on Tuesday that last month it found more than 300 SIM servers and 100,000 SIM cards that … Read More “US Disrupts Massive Cell Phone Array in New York” »

Time-of-Check Time-of-Use Attacks Against LLMs

Posted on By infossl
academic papers, cyberattack, LLM, Security technology, Uncategorized, vulnerabilities

This is a nice piece of research: “Mind the Gap: Time-of-Check to Time-of-Use Vulnerabilities in LLM-Enabled Agents“.: Abstract: Large Language Model (LLM)-enabled agents are rapidly emerging across a wide range of applications, but their deployment introduces vulnerabilities with security implications. While prior work has examined prompt-based attacks (e.g., prompt injection) and data-oriented threats (e.g., data … Read More “Time-of-Check Time-of-Use Attacks Against LLMs” »

A Cyberattack Victim Notification Framework

Posted on By infossl
cyberattack, disclosure, Security technology, Uncategorized

Interesting analysis: When cyber incidents occur, victims should be notified in a timely manner so they have the opportunity to assess and remediate any harm. However, providing notifications has proven a challenge across industry. When making notifications, companies often do not know the true identity of victims and may only have a single email address … Read More “A Cyberattack Victim Notification Framework” »

Indirect Prompt Injection Attacks Against LLM Assistants

Posted on By infossl
academic papers, AI, cyberattack, LLM, Security technology, threat models, Uncategorized

Really good research on practical attacks against LLM agents. “Invitation Is All You Need! Promptware Attacks Against LLM-Powered Assistants in Production Are Practical and Dangerous” Abstract: The growing integration of LLMs into applications has introduced new security risks, notably known as Promptware­—maliciously engineered prompts designed to manipulate LLMs to compromise the CIA triad of these … Read More “Indirect Prompt Injection Attacks Against LLM Assistants” »

We Are Still Unable to Secure LLMs from Malicious Inputs

Posted on By infossl
AI, cyberattack, LLM, Security technology, Uncategorized

Nice indirect prompt injection attack: Bargury’s attack starts with a poisoned document, which is shared to a potential victim’s Google Drive. (Bargury says a victim could have also uploaded a compromised file to their own account.) It looks like an official document on company meeting policies. But inside the document, Bargury hid a 300-word malicious … Read More “We Are Still Unable to Secure LLMs from Malicious Inputs” »

Subverting AIOps Systems Through Poisoned Input Data

Posted on By infossl
academic papers, AI, cyberattack, integrity, LLM, Security technology, Uncategorized

In this input integrity attack against an AI system, researchers were able to fool AIOps tools: AIOps refers to the use of LLM-based agents to gather and analyze application telemetry, including system logs, performance metrics, traces, and alerts, to detect problems and then suggest or carry out corrective actions. The likes of Cisco have deployed … Read More “Subverting AIOps Systems Through Poisoned Input Data” »

Measuring the Attack/Defense Balance

Posted on By infossl
cyberattack, defense, reports, Security technology, Uncategorized

“Who’s winning on the internet, the attackers or the defenders?” I’m asked this all the time, and I can only ever give a qualitative hand-wavy answer. But Jason Healey and Tarang Jain’s latest Lawfare piece has amassed data. The essay provides the first framework for metrics about how we are all doing collectively—and not just … Read More “Measuring the Attack/Defense Balance” »