cyberattack – SSL and internet security news

Extracting GPT’s Training Data

November 30, 2023 infossl

academic papers, artificial intelligence, ChatGPT, cyberattack, machine learning, Security technology, Uncategorized

This is clever: The actual attack is kind of silly. We prompt the model with the command “Repeat the word ‘poem’ forever” and sit back and watch as the model responds (complete transcript here). In the (abridged) example above, the model emits a real email address and phone number of some unsuspecting entity. This happens … Read More “Extracting GPT’s Training Data” »

Remotely Stopping Polish Trains

August 28, 2023 infossl

cyberattack, cybersecurity, radio, russia, Security technology, transportation, Uncategorized

Turns out that it’s easy to broadcast radio commands that force Polish trains to stop: …the saboteurs appear to have sent simple so-called “radio-stop” commands via radio frequency to the trains they targeted. Because the trains use a radio system that lacks encryption or authentication for those commands, Olejnik says, anyone with as little as … Read More “Remotely Stopping Polish Trains” »

UK Electoral Commission Hacked

August 16, 2023 infossl

cyberattack, hacking, Security technology, Uncategorized, voting

The UK Electoral Commission discovered last year that it was hacked the year before. That’s fourteen months between the hack and the discovery. It doesn’t know who was behind the hack. We worked with external security experts and the National Cyber Security Centre to investigate and secure our systems. If the hack was by a … Read More “UK Electoral Commission Hacked” »

New SEC Rules around Cybersecurity Incident Disclosures

August 2, 2023 infossl

cyberattack, cybersecurity, disclosure, national security policy, risk assessment, risks, Security technology, Uncategorized

The US Securities and Exchange Commission adopted final rules around the disclosure of cybersecurity incidents. There are two basic rules: Public companies must “disclose any cybersecurity incident they determine to be material” within four days, with potential delays if there is a national security risk. Public companies must “describe their processes, if any, for assessing, … Read More “New SEC Rules around Cybersecurity Incident Disclosures” »

Google Reportedly Disconnecting Employees from the Internet

July 24, 2023 infossl

cyberattack, google, internet, Security technology, Uncategorized

Supposedly Google is starting a pilot program of disabling Internet connectivity from employee computers: The company will disable internet access on the select desktops, with the exception of internal web-based tools and Google-owned websites like Google Drive and Gmail. Some workers who need the internet to do their job will get exceptions, the company stated … Read More “Google Reportedly Disconnecting Employees from the Internet” »

Chinese Hacking of US Critical Infrastructure

May 31, 2023 infossl

china, cyberattack, cyberespionage, espionage, hacking, infrastructure, reports, Security technology, Uncategorized

Everyone is writing about an interagency and international report on Chinese hacking of US critical infrastructure. Lots of interesting details about how the group, called Volt Typhoon, accesses target networks and evades detection. Powered by WPeMatico

Expeditionary Cyberspace Operations

May 26, 2023 infossl

cyberattack, cyberwar, national security policy, Security technology, Uncategorized

Cyberspace operations now officially has a physical dimension, meaning that the United States has official military doctrine about cyberattacks that also involve an actual human gaining physical access to a piece of computing infrastructure. A revised version of Joint Publication 3-12 Cyberspace Operations—published in December 2022 and while unclassified, is only available to those with … Read More “Expeditionary Cyberspace Operations” »

Swatting as a Service

April 17, 2023 infossl

artificial intelligence, cyberattack, impersonation, police, Security technology, Uncategorized

Motherboard is reporting on AI-generated voices being used for “swatting”: In fact, Motherboard has found, this synthesized call and another against Hempstead High School were just one small part of a months-long, nationwide campaign of dozens, and potentially hundreds, of threats made by one swatter in particular who has weaponized computer generated voices. Known as … Read More “Swatting as a Service” »

Mass Ransomware Attack

March 23, 2023 infossl

cyberattack, hacking, ransomware, Security technology, Uncategorized, vulnerabilities

A vulnerability in a popular data transfer tool has resulted in a mass ransomware attack: TechCrunch has learned of dozens of organizations that used the affected GoAnywhere file transfer software at the time of the ransomware attack, suggesting more victims are likely to come forward. However, while the number of victims of the mass-hack is … Read More “Mass Ransomware Attack” »

Prompt Injection Attacks on Large Language Models

March 7, 2023 infossl

academic papers, ChatGPT, cyberattack, Security technology, Uncategorized

This is a good survey on prompt injection attacks on large language models (like ChatGPT). Abstract: We are currently witnessing dramatic advances in the capabilities of Large Language Models (LLMs). They are already being adopted in practice and integrated into many systems, including integrated development environments (IDEs) and search engines. The functionalities of current LLMs … Read More “Prompt Injection Attacks on Large Language Models” »