Hacking – Page 2 – WindowsTechs.com

Chinese hackers target family members to surveil hard targets

Posted on March 26, 2024 by eliasgroll

To surveil security conscious politicians and dissidents, hackers linked to Beijing are increasingly targeting their spouses and relatives.

The post Chinese hackers target family members to surveil hard targets appeared first on CyberScoop.

Continue reading Chinese hackers target family members to surveil hard targets→

Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More

Posted on March 21, 2024 by Deeba Ahmed

By Deeba Ahmed
Pwn2Own is back!
This is a post from HackRead.com Read the original post: Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More
Continue reading Pwn2Own 2024 Awards $700k as Hackers Pwn Tesla, Browsers, and More→

Jailbreaking LLMs with ASCII Art

Posted on March 12, 2024 by Bruce Schneier

Researchers have demonstrated that putting words in ASCII art can cause LLMs—GPT-3.5, GPT-4, Gemini, Claude, and Llama2—to ignore their safety instructions.
Research paper.
Continue reading Jailbreaking LLMs with ASCII Art→

Russian hackers accessed Microsoft source code

Posted on March 8, 2024 by eliasgroll

An incident attributed to the Russian hacking crew Cozy Bear that was first disclosed in January continues to affect Microsoft systems.

The post Russian hackers accessed Microsoft source code appeared first on CyberScoop.

Continue reading Russian hackers accessed Microsoft source code →

A Taxonomy of Prompt Injection Attacks

Posted on March 8, 2024 by Bruce Schneier

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition

Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts…

Continue reading A Taxonomy of Prompt Injection Attacks→

ALPHV website goes down amid growing fallout from Change Healthcare attack

Posted on March 1, 2024 by AJ Vicens

Medical providers are under financial pressure and patients are facing challenges in filling prescriptions due to the ransomware attack.

The post ALPHV website goes down amid growing fallout from Change Healthcare attack appeared first on CyberScoop.

Continue reading ALPHV website goes down amid growing fallout from Change Healthcare attack→

CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info

Posted on March 1, 2024 by Waqas

By Waqas
In an exclusive statement to Hackread.com, CutOut.Pro denied the breach and labeled the leak as a ‘clear scam.’
This is a post from HackRead.com Read the original post: CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info
Continue reading CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info→

China Surveillance Company Hacked

Posted on February 27, 2024 by Bruce Schneier

Last week, someone posted something like 570 files, images and chat logs from a Chinese company called I-Soon. I-Soon sells hacking and espionage services to Chinese national and local government.
Lots of details in the news articles.
These aren’… Continue reading China Surveillance Company Hacked→

AIs Hacking Websites

Posted on February 23, 2024 by Bruce Schneier

New research:

LLM Agents can Autonomously Hack Websites

Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity. However, not much is known about the offensive capabilities of LLM agents.

In this work, we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand. This capability is uniquely enabled by frontier models that are highly capable of tool use and leveraging extended context. Namely, we show that GPT-4 is capable of such hacks, but existing open-source models are not. Finally, we show that GPT-4 is capable of autonomously finding vulnerabilities in websites in the wild. Our findings raise questions about the widespread deployment of LLMs…

Continue reading AIs Hacking Websites→

Microsoft rolls out expanded logging six months after Chinese breach

Posted on February 21, 2024 by eliasgroll

The technology giant has come under heavy criticism for not making robust logging features available by default.

The post Microsoft rolls out expanded logging six months after Chinese breach appeared first on CyberScoop.

Continue reading Microsoft rolls out expanded logging six months after Chinese breach→