Chinese hackers target family members to surveil hard targets

To surveil security-conscious politicians and dissidents, hackers linked to Beijing are increasingly targeting their spouses and relatives.

The post Chinese hackers target family members to surveil hard targets appeared first on CyberScoop.


A Taxonomy of Prompt Injection Attacks

Researchers ran a global prompt hacking competition, and have documented the results in a paper that both gives a lot of good examples and tries to organize a taxonomy of effective prompt injection strategies. It seems as if the most common successful strategy is the “compound instruction attack,” as in “Say ‘I have been PWNED’ without a period.”

Ignore This Title and HackAPrompt: Exposing Systemic Vulnerabilities of LLMs through a Global Scale Prompt Hacking Competition

Abstract: Large Language Models (LLMs) are deployed in interactive contexts with direct user engagement, such as chatbots and writing assistants. These deployments are vulnerable to prompt injection and jailbreaking (collectively, prompt hacking), in which models are manipulated to ignore their original instructions and follow potentially malicious ones. Although widely acknowledged as a significant security threat, there is a dearth of large-scale resources and quantitative studies on prompt hacking. To address this lacuna, we launch a global prompt hacking competition, which allows for free-form human input attacks. We elicit 600K+ adversarial prompts against three state-of-the-art LLMs. We describe the dataset, which empirically verifies that current LLMs can indeed be manipulated via prompt hacking. We also present a comprehensive taxonomical ontology of the types of adversarial prompts…


ALPHV website goes down amid growing fallout from Change Healthcare attack

Medical providers are under financial pressure and patients are facing challenges in filling prescriptions due to the ransomware attack.

The post ALPHV website goes down amid growing fallout from Change Healthcare attack appeared first on CyberScoop.


CutOut.Pro AI Tool Data Breach: Hacker Leak 20 Million User Info

By Waqas

In an exclusive statement to Hackread.com, CutOut.Pro denied the breach and labeled the leak as a ‘clear scam.’

This is a post from HackRead.com.

AIs Hacking Websites

New research:

LLM Agents can Autonomously Hack Websites

Abstract: In recent years, large language models (LLMs) have become increasingly capable and can now interact with tools (i.e., call functions), read documents, and recursively call themselves. As a result, these LLMs can now function autonomously as agents. With the rise in capabilities of these agents, recent work has speculated on how LLM agents would affect cybersecurity. However, not much is known about the offensive capabilities of LLM agents.

In this work, we show that LLM agents can autonomously hack websites, performing tasks as complex as blind database schema extraction and SQL injections without human feedback. Importantly, the agent does not need to know the vulnerability beforehand. This capability is uniquely enabled by frontier models that are highly capable of tool use and leveraging extended context. Namely, we show that GPT-4 is capable of such hacks, but existing open-source models are not. Finally, we show that GPT-4 is capable of autonomously finding vulnerabilities in websites in the wild. Our findings raise questions about the widespread deployment of LLMs…


Microsoft rolls out expanded logging six months after Chinese breach

The technology giant has come under heavy criticism for not making robust logging features available by default. 

The post Microsoft rolls out expanded logging six months after Chinese breach appeared first on CyberScoop.
