hacking – Page 2 – SSL and internet security news

The Hacking of Culture and the Creation of Socio-Technical Debt

June 19, 2024 infossl

data collection, hacking, noncomputer hacks, Security technology, Uncategorized

Culture is increasingly mediated through algorithms. These algorithms have splintered the organization of culture, a result of states and tech companies vying for influence over mass audiences. One byproduct of this splintering is a shift from imperfect but broad cultural narratives to a proliferation of niche groups, who are defined by ideology or aesthetics instead … Read More “The Hacking of Culture and the Creation of Socio-Technical Debt” »

LLMs’ Data-Control Path Insecurity

May 13, 2024 infossl

computer security, hacking, LLM, noncomputer hacks, phones, Security technology, Uncategorized, vulnerabilities

Back in the 1960s, if you played a 2,600Hz tone into an AT&T pay phone, you could make calls without paying. A phone hacker named John Draper noticed that the plastic whistle that came free in a box of Captain Crunch cereal worked to make the right sound. That became his hacker name, and everyone … Read More “LLMs’ Data-Control Path Insecurity” »

Backdoor in XZ Utils That Almost Happened

April 11, 2024 infossl

backdoors, cybersecurity, economics of security, hacking, linux, malware, open source, Security technology, social engineering, ssh, Uncategorized

Last week, the internet dodged a major nation-state attack that would have had catastrophic cybersecurity repercussions worldwide. It’s a catastrophe that didn’t happen, so it won’t get much attention—but it should. There’s an important moral to the story of the attack and its discovery: The security of the global internet depends on countless obscure pieces … Read More “Backdoor in XZ Utils That Almost Happened” »

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

April 9, 2024 infossl

china, email, hacking, microsoft, privacy, Security technology, Uncategorized

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board … Read More “US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack” »

xz Utils Backdoor

April 2, 2024 infossl

backdoors, cybersecurity, hacking, malware, open source, Security technology, social engineering, Uncategorized

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the … Read More “xz Utils Backdoor” »

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

March 27, 2024 infossl

cybersecurity, hacking, hotels, Internet of Things, locks, Security technology, Uncategorized, vulnerabilities

It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker … Read More “Security Vulnerability in Saflok’s RFID-Based Keycard Locks” »

Jailbreaking LLMs with ASCII Art

March 12, 2024 infossl

academic papers, artificial intelligence, chatbots, hacking, LLM, Security technology, Uncategorized

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4, Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper. Powered by WPeMatico

A Taxonomy of Prompt Injection Attacks

March 8, 2024 infossl

academic papers, artificial intelligence, hacking, LLM, Security technology, Uncategorized

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ … Read More “A Taxonomy of Prompt Injection Attacks” »

Microsoft Executives Hacked

January 29, 2024 infossl

disclosure, hacking, microsoft, russia, Security technology, Uncategorized

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very … Read More “Microsoft Executives Hacked” »

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

December 21, 2023 infossl

cyberattack, cyberwar, hacking, russia, Security technology, telecom, ukraine, Uncategorized

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022. Powered by WPeMatico