Tag: data exfiltration
-
Embrace The Red: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware)
Source URL: https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/
Source: Embrace The Red
Title: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware)
Feedly Summary: This post explains an attack chain for the ChatGPT macOS application. Through prompt injection from untrusted data, attackers could insert long-term persistent spyware into ChatGPT’s memory. This led to continuous data exfiltration of any information the user…
-
The Register: Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Source URL: https://www.theregister.com/2024/09/18/chinese_spies_found_on_us_hq_firm_network/
Source: The Register
Title: Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Feedly Summary: Getting sloppy, Xi. Exclusive: Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.…
AI Summary and…
-
The Register: Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Source URL: https://www.theregister.com/2024/09/17/google_cloud_document_ai_flaw/
Source: The Register
Title: Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Feedly Summary: Chocolate Factory downgrades risk, citing the need for attacker access. Overly permissive settings in Google Cloud’s Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive…
-
Hacker News: Pixhell Attack: Leaking Info from Air-Gap Computers via ‘Singing Pixels’
Source URL: https://arxiv.org/abs/2409.04930
Source: Hacker News
Title: Pixhell Attack: Leaking Info from Air-Gap Computers via ‘Singing Pixels’
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The PIXHELL attack exploits air-gapped systems by using sound generated from computer screens to leak sensitive information, circumventing traditional security measures. This paper highlights a novel method for data…
-
Slashdot: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images
Source URL: https://it.slashdot.org/story/24/09/06/220250/spyagent-android-malware-steals-your-crypto-recovery-phrases-from-images?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images
Feedly Summary:
AI Summary and Description: Yes
Summary: The text discusses the SpyAgent Android malware, highlighting its use of optical character recognition (OCR) to steal sensitive cryptocurrency wallet information. Notably targeting South Korea, this malware threatens to extend its…
-
Embrace The Red: Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Source URL: https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/
Source: Embrace The Red
Title: Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Feedly Summary: This post describes a vulnerability in Microsoft 365 Copilot that allowed the theft of a user’s emails and other personal information. This vulnerability warrants a deep dive, because it combines a variety of novel attack techniques…
-
Embrace The Red: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
Source URL: https://embracethered.com/blog/posts/2024/google-ai-studio-data-exfiltration-now-fixed/
Source: Embrace The Red
Title: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
Feedly Summary: Recently, I found what appeared to be a regression or bypass that again allowed data exfiltration via image rendering during prompt injection. See the previous post here. Data Exfiltration via Rendering HTML Image Tags During…
-
Simon Willison’s Weblog: Data Exfiltration from Slack AI via indirect prompt injection
Source URL: https://simonwillison.net/2024/Aug/20/data-exfiltration-from-slack-ai/
Source: Simon Willison’s Weblog
Title: Data Exfiltration from Slack AI via indirect prompt injection
Feedly Summary: Data Exfiltration from Slack AI via indirect prompt injection. Today’s prompt injection data exfiltration vulnerability affects Slack. Slack AI implements a RAG-style chat search interface against public and private data that the user has access to,…
-
Hacker News: Attackers can exfil data with Slack AI
Source URL: https://promptarmor.substack.com/p/data-exfiltration-from-slack-ai-via
Source: Hacker News
Title: Attackers can exfil data with Slack AI
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text describes a critical vulnerability in Slack AI that allows attackers to exfiltrate sensitive information from private channels through prompt injection, specifically indirect prompt injection. This security issue is particularly relevant…
-
Hacker News: Host Your Own Copilot
Source URL: https://dublog.net/blog/open-weight-copilots/
Source: Hacker News
Title: Host Your Own Copilot
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The text discusses the implications of using coding co-pilots such as GitHub Copilot and Sourcegraph Cody, particularly in the context of privacy, data exfiltration, and the benefits of self-hosting alternatives. It emphasizes the availability of…