hacking – Page 2 – SSL and internet security news

US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack

April 9, 2024 infossl

china, email, hacking, microsoft, privacy, Security technology, Uncategorized

US Cyber Safety Review Board released a report on the summer 2023 hack of Microsoft Exchange by China. It was a serious attack by the Chinese government that accessed the emails of senior U.S. government officials. From the executive summary: The Board finds that this intrusion was preventable and should never have occurred. The Board … Read More “US Cyber Safety Review Board on the 2023 Microsoft Exchange Hack” »

xz Utils Backdoor

April 2, 2024 infossl

backdoors, cybersecurity, hacking, malware, open source, Security technology, social engineering, Uncategorized

The cybersecurity world got really lucky last week. An intentionally placed backdoor in xz Utils, an open-source compression utility, was pretty much accidentally discovered by a Microsoft engineer—weeks before it would have been incorporated into both Debian and Red Hat Linux. From ArsTehnica: Malicious code added to xz Utils versions 5.6.0 and 5.6.1 modified the … Read More “xz Utils Backdoor” »

Security Vulnerability in Saflok’s RFID-Based Keycard Locks

March 27, 2024 infossl

cybersecurity, hacking, hotels, Internet of Things, locks, Security technology, Uncategorized, vulnerabilities

It’s pretty devastating: Today, Ian Carroll, Lennert Wouters, and a team of other security researchers are revealing a hotel keycard hacking technique they call Unsaflok. The technique is a collection of security vulnerabilities that would allow a hacker to almost instantly open several models of Saflok-brand RFID-based keycard locks sold by the Swiss lock maker … Read More “Security Vulnerability in Saflok’s RFID-Based Keycard Locks” »

Jailbreaking LLMs with ASCII Art

March 12, 2024 infossl

academic papers, artificial intelligence, chatbots, hacking, LLM, Security technology, Uncategorized

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4, Gemini, Claude, and Llama2—to ignore their safety instructions. Research paper. Powered by WPeMatico

A Taxonomy of Prompt Injection Attacks

March 8, 2024 infossl

academic papers, artificial intelligence, hacking, LLM, Security technology, Uncategorized

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ … Read More “A Taxonomy of Prompt Injection Attacks” »

Microsoft Executives Hacked

January 29, 2024 infossl

disclosure, hacking, microsoft, russia, Security technology, Uncategorized

Microsoft is reporting that a Russian intelligence agency—the same one responsible for SolarWinds—accessed the email system of the company’s executives. Beginning in late November 2023, the threat actor used a password spray attack to compromise a legacy non-production test tenant account and gain a foothold, and then used the account’s permissions to access a very … Read More “Microsoft Executives Hacked” »

Cyberattack on Ukraine’s Kyivstar Seems to Be Russian Hacktivists

December 21, 2023 infossl

cyberattack, cyberwar, hacking, russia, Security technology, telecom, ukraine, Uncategorized

The Solntsepek group has taken credit for the attack. They’re linked to the Russian military, so it’s unclear whether the attack was government directed or freelance. This is one of the most significant cyberattacks since Russia invaded in February 2022. Powered by WPeMatico

Online Retail Hack

November 9, 2023 infossl

A Hacker's Mind, fraud, hacking, noncomputer hacks, retail, Security technology, Uncategorized

Selling miniature replicas to unsuspecting shoppers: Online marketplaces sell tiny pink cowboy hats. They also sell miniature pencil sharpeners, palm-size kitchen utensils, scaled-down books and camping chairs so small they evoke the Stonehenge scene in “This Is Spinal Tap.” Many of the minuscule objects aren’t clearly advertised. […] But there is no doubt some online … Read More “Online Retail Hack” »

Crashing iPhones with a Flipper Zero

November 6, 2023 infossl

apple, bluetooth, denial of service, hacking, iphone, Security technology, Uncategorized

The Flipper Zero is an incredibly versatile hacking device. Now it can be used to crash iPhones in its vicinity by sending them a never-ending stream of pop-ups. These types of hacks have been possible for decades, but they require special equipment and a fair amount of expertise. The capabilities generally required expensive SDRs—short for software-defined … Read More “Crashing iPhones with a Flipper Zero” »

Hacking Scandinavian Alcohol Tax

October 30, 2023 infossl

A Hacker's Mind, hacking, noncomputer hacks, Security technology, Uncategorized

The islands of Åland are an important tax hack: Although Åland is part of the Republic of Finland, it has its own autonomous parliament. In areas where Åland has its own legislation, the group of islands essentially operates as an independent nation. This allows Scandinavians to avoid the notoriously high alcohol taxes: Åland is a … Read More “Hacking Scandinavian Alcohol Tax” »