Tag: data exfiltration
-
Hacker News: European govt air-gapped systems breached using custom malware
Source URL: https://www.welivesecurity.com/en/eset-research/mind-air-gap-goldenjackal-gooses-government-guardrails/
Source: Hacker News
Title: European govt air-gapped systems breached using custom malware
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: This text presents an extensive analysis of the GoldenJackal APT group’s cyberespionage activities, notably their attacks on air-gapped systems within governmental organizations in Europe. It introduces previously undocumented malware tools employed…
-
Microsoft Security Blog: Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Source URL: https://www.microsoft.com/en-us/security/blog/2024/09/26/storm-0501-ransomware-attacks-expanding-to-hybrid-cloud-environments/
Source: Microsoft Security Blog
Title: Storm-0501: Ransomware attacks expanding to hybrid cloud environments
Feedly Summary: Microsoft has observed the threat actor tracked as Storm-0501 launching a multi-staged attack where they compromised hybrid cloud environments and performed lateral movement from on-premises to cloud environment, leading to data exfiltration, credential theft, tampering, persistent backdoor…
-
Embrace The Red: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware)
Source URL: https://embracethered.com/blog/posts/2024/chatgpt-macos-app-persistent-data-exfiltration/
Source: Embrace The Red
Title: Spyware Injection Into Your ChatGPT’s Long-Term Memory (SpAIware)
Feedly Summary: This post explains an attack chain for the ChatGPT macOS application. Through prompt injection from untrusted data, attackers could insert long-term persistent spyware into ChatGPT’s memory. This led to continuous data exfiltration of any information the user…
-
The Register: Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Source URL: https://www.theregister.com/2024/09/18/chinese_spies_found_on_us_hq_firm_network/
Source: The Register
Title: Chinese spies spent months inside aerospace engineering firm’s network via legacy IT
Feedly Summary: Getting sloppy, Xi Exclusive Chinese state-sponsored spies have been spotted inside a global engineering firm’s network, having gained initial entry using an admin portal’s default credentials on an IBM AIX server.…
AI Summary and…
-
The Register: Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Source URL: https://www.theregister.com/2024/09/17/google_cloud_document_ai_flaw/
Source: The Register
Title: Google Cloud Document AI flaw (still) allows data theft despite bounty payout
Feedly Summary: Chocolate Factory downgrades risk, citing the need for attacker access Overly permissive settings in Google Cloud’s Document AI service could be abused by data thieves to break into Cloud Storage buckets and steal sensitive…
-
Hacker News: Pixhell Attack: Leaking Info from Air-Gap Computers via ‘Singing Pixels’
Source URL: https://arxiv.org/abs/2409.04930
Source: Hacker News
Title: Pixhell Attack: Leaking Info from Air-Gap Computers via ‘Singing Pixels’
Feedly Summary: Comments
AI Summary and Description: Yes
Summary: The PIXHELL attack exploits air-gapped systems by using sound generated from computer screens to leak sensitive information, circumventing traditional security measures. This paper highlights a novel method for data…
-
Slashdot: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images
Source URL: https://it.slashdot.org/story/24/09/06/220250/spyagent-android-malware-steals-your-crypto-recovery-phrases-from-images?utm_source=rss1.0mainlinkanon&utm_medium=feed
Source: Slashdot
Title: SpyAgent Android Malware Steals Your Crypto Recovery Phrases From Images
Feedly Summary:
AI Summary and Description: Yes
Summary: The text discusses the SpyAgent Android malware, highlighting its use of optical character recognition (OCR) to steal sensitive cryptocurrency wallet information. Notably targeting South Korea, this malware threatens to extend its…
-
Embrace The Red: Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Source URL: https://embracethered.com/blog/posts/2024/m365-copilot-prompt-injection-tool-invocation-and-data-exfil-using-ascii-smuggling/
Source: Embrace The Red
Title: Microsoft Copilot: From Prompt Injection to Exfiltration of Personal Information
Feedly Summary: This post describes a vulnerability in Microsoft 365 Copilot that allowed the theft of a user’s emails and other personal information. This vulnerability warrants a deep dive, because it combines a variety of novel attack techniques…
-
Embrace The Red: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
Source URL: https://embracethered.com/blog/posts/2024/google-ai-studio-data-exfiltration-now-fixed/
Source: Embrace The Red
Title: Google AI Studio: LLM-Powered Data Exfiltration Hits Again! Quickly Fixed.
Feedly Summary: Recently, I found what appeared to be a regression or bypass that again allowed data exfiltration via image rendering during prompt injection. See the previous post here. Data Exfiltration via Rendering HTML Image Tags During…