cyberattack – WindowsTechs.com

Dutch people advised to carry cash in case of cyberattack by Russia

Posted on December 13, 2024 by Dissent

Sarah McKenna Barry reports: The Dutch Central Bank has issued an unprecedented warning to the public to keep cash at home due to the risk of cyberattacks from Russia. Officials are concerned that cyberattacks have the potential to cause massive disrup… Continue reading Dutch people advised to carry cash in case of cyberattack by Russia→

Krispy Kreme cybersecurity incident disrupts online ordering

Posted on December 12, 2024 by Zeljka Zorz

Popular US doughnut chain Krispy Kreme has been having trouble with its online ordering system as well as digital payments at their brick-and-mortar shops since late November, and now we finally know why: an 8-K report filed with the US Securities and … Continue reading Krispy Kreme cybersecurity incident disrupts online ordering→

Race Condition Attacks against LLMs

Posted on November 29, 2024 by Bruce Schneier

These are two attacks against the system components surrounding LLMs:

We propose that LLM Flowbreaking, following jailbreaking and prompt injection, joins as the third on the growing list of LLM attack types. Flowbreaking is less about whether prompt or response guardrails can be bypassed, and more about whether user inputs and generated model outputs can adversely affect these other components in the broader implemented system.

[…]

When confronted with a sensitive topic, Microsoft 365 Copilot and ChatGPT answer questions that their first-line guardrails are supposed to stop. After a few lines of text they halt—seemingly having “second thoughts”—before retracting the original answer (also known as Clawback), and replacing it with a new one without the offensive content, or a simple error message. We call this attack “Second Thoughts.”…

Continue reading Race Condition Attacks against LLMs→

Prompt Injection Defenses Against LLM Cyberattacks

Posted on November 7, 2024 by Bruce Schneier

Interesting research: “Hacking Back the AI-Hacker: Prompt Injection as a Defense Against LLM-driven Cyberattacks“:

Large language models (LLMs) are increasingly being harnessed to automate cyberattacks, making sophisticated exploits more accessible and scalable. In response, we propose a new defense strategy tailored to counter LLM-driven cyberattacks. We introduce Mantis, a defensive framework that exploits LLMs’ susceptibility to adversarial inputs to undermine malicious operations. Upon detecting an automated cyberattack, Mantis plants carefully crafted inputs into system responses, leading the attacker’s LLM to disrupt their own operations (passive defense) or even compromise the attacker’s machine (active defense). By deploying purposefully vulnerable decoy services to attract the attacker and using dynamic prompt injections for the attacker’s LLM, Mantis can autonomously hack back the attacker. In our experiments, Mantis consistently achieved over 95% effectiveness against automated LLM-driven attacks. To foster further research and collaboration, Mantis is available as an open-source tool: …

Continue reading Prompt Injection Defenses Against LLM Cyberattacks→

Threat Actors Are Exploiting Vulnerabilities Faster Than Ever

Posted on October 23, 2024 by Cedric Pernet

It only takes five days on average for attackers to exploit a vulnerability, according to a new report. Continue reading Threat Actors Are Exploiting Vulnerabilities Faster Than Ever→

What’s behind the 51% drop in ransomware attacks?

Posted on October 18, 2024 by Jonathan Reed

In a world where cyber threats feel omnipresent, a recent report has revealed some unexpected good news: ransomware attacks on state and local governments have dropped by 51% in 2024. Still, this decline does not signal the end of the ransomware threat, nor should it lead to complacency. As the nature of ransomware evolves, so […]

The post What’s behind the 51% drop in ransomware attacks? appeared first on Security Intelligence.

Continue reading What’s behind the 51% drop in ransomware attacks?→

Fidelity Data Breach Exposes Data of Over 77,000 Customers

Posted on October 10, 2024 by Megan Crouse

An attacker snuck in by creating two new user accounts. Fidelity assures customers their investments aren’t affected. Continue reading Fidelity Data Breach Exposes Data of Over 77,000 Customers→

China Possibly Hacking US “Lawful Access” Backdoor

Posted on October 8, 2024 by Bruce Schneier

The Wall Street Journal is reporting that Chinese hackers (Salt Typhoon) penetrated the networks of US broadband providers, and might have accessed the backdoors that the federal government uses to execute court-authorized wiretap requests. Those backdoors have been mandated by law—CALEA—since 1994.

It’s a weird story. The first line of the article is: “A cyberattack tied to the Chinese government penetrated the networks of a swath of U.S. broadband providers.” This implies that the attack wasn’t against the broadband providers directly, but against one of the intermediary companies that sit between the government CALEA requests and the broadband providers…

Continue reading China Possibly Hacking US “Lawful Access” Backdoor→

American Water shuts down systems after cyberattack

Posted on October 8, 2024 by Zeljka Zorz

American Water, the largest water and wastewater utility company in the US, has shut down some of its systems following a cyberattack. While the company confirmed that none of its water or wastewater facilities or operations have been negatively affect… Continue reading American Water shuts down systems after cyberattack→

Cyberattack Causes MoneyGram Service Outage

Posted on September 24, 2024 by Ionut Arghire

MoneyGram’s money transfer services are down after the company took systems offline to contain a cyberattack.
The post Cyberattack Causes MoneyGram Service Outage appeared first on SecurityWeek.
Continue reading Cyberattack Causes MoneyGram Service Outage→