spatwei shared an article from SC World: Attacks on large language models (LLMs) take less than a minute to complete on average, and leak sensitive data 90% of the time when successful, according to Pillar Security.

Pillar's State of Attacks on GenAI report, published Wednesday, revealed new insights on LLM attacks and jailbreaks, based on telemetry data and real-life attack examples from more than 2,000 AI applications. LLM jailbreaks successfully bypass model guardrails in one out of every five attempts, the Pillar researchers also found, with the speed and ease of LLM exploits demonstrating the risks posed by the growing generative AI (GenAI) attack surface...

The more than 2,000 LLM apps studied for the State of Attacks on GenAI report spanned multiple industries and use cases, with virtual customer support chatbots being the most prevalent use case, making up 57.6% of all apps.
Common jailbreak techniques included "ignore previous instructions" and "ADMIN override", or just using base64 encoding. "The Pillar researchers found that attacks on LLMs took an average of 42 seconds to complete, with the shortest attack taking just 4 seconds and the longest taking 14 minutes to complete.

"Attacks also only involved five total interactions with the LLM on average, further demonstrating the brevity and simplicity of attacks."

wiredmikey writes: As the dust settles following the massive Windows BSOD tech outages caused by CrowdStrike in July 2024, the question is now, how do we prevent this happening again? While there was no current way Microsoft could have prevented this incident, the OS firm is obviously keen to prevent anything similar happening in the future. SecurityWeek talked to David Weston, VP enterprise and OS security at Microsoft, to discuss Windows kernel access and safe deployment practices (or SDP).
Former Ukranian officer Serhii "Flash" Beskrestnov created a Signal channel where military communications specialists could talk with civilian radio experts, reports MIT's Technology Review. But radio communications are crucial for drones, so... About once a month, he drives hundreds of kilometers east in a homemade mobile intelligence center: a black VW van in which stacks of radio hardware connect to an array of antennas on the roof that stand like porcupine quills when in use. Two small devices on the dash monitor for nearby drones. Over several days at a time, Flash studies the skies for Russian radio transmissions and tries to learn about the problems facing troops in the fields and in the trenches.

He is, at least in an unofficial capacity, a spy. But unlike other spies, Flash does not keep his work secret. In fact, he shares the results of these missions with more than 127,000 followers — including many soldiers and government officials — on several public social media channels. Earlier this year, for instance, he described how he had recorded five different Russian reconnaissance drones in a single night — one of which was flying directly above his van... Drones have come to define the brutal conflict that has now dragged on for more than two and a half years. And most rely on radio communications — a technology that Flash has obsessed over since childhood. So while Flash is now a civilian, the former officer has still taken it upon himself to inform his country's defense in all matters related to radio...

Flash has also become a source of some controversy among the upper echelons of Ukraine's military, he tells me. The Armed Forces of Ukraine declined multiple requests for comment, but Flash and his colleagues claim that some high-ranking officials perceive him as a security threat, worrying that he shares too much information and doesn't do enough to secure sensitive intel... [But] His work has become greatly important to those fighting on the ground, and he recently received formal recognition from the military for his contributions to the fight, with two medals of commendation — one from the commander of Ukraine's ground forces, the other from the Ministry of Defense...

And given the mounting evidence that both militaries and militant groups in other parts of the world are now adopting drone tactics developed in Ukraine, it's not only his country's fate that Flash may help to determine — but also the ways that armies wage war for years to come.
He's also written guides on building cheap anti-drone equipment...

Formed in 2021 by cybersecurity professionals (and backed by high-powered VCs including Dell Technologies Capital), Halcyon sells an enterprise-grade anti-ransomware platform.

And this month they announced they're offering protection against ransomware attacks targeting Linux systems, according to Linux magazine: According to Cynet, Linux ransomware attacks increased by 75 percent in 2023 and are expected to continue to climb as more bad actors target Linux deployments... "While Windows is the favorite for desktops, Linux dominates the market for supercomputers and servers."
Here's how Halcyon's announcement made their pitch: "When it comes to ransomware protection, organizations typically prioritize securing Windows environments because that's where the ransomware operators were focusing most of their attacks. However, Linux-based systems are at the core of most any organization's infrastructure, and protecting these systems is often an afterthought," said Jon Miller, CEO & Co-founder, Halcyon. "The fact that Linux systems usually are always on and available means they provide the perfect beachhead for establishing persistence and moving laterally in a targeted network, and they can be leveraged for data theft where the exfiltration is easily masked by normal network traffic. As more ransomware operators are developing the capability to target Linux systems alongside Windows, it is imperative that organizations have the ability to keep pace with the expanded threat."

Halcyon Linux, powered through the Halcyon Anti-Ransomware Platform, uniquely secures Linux-based systems offering comprehensive protection and rapid response capabilities... Halcyon Linux monitors and detects ransomware-specific behaviors such as unauthorized access, lateral movement, or modification of critical files in real-time, providing instant alerts with critical context... When ransomware is suspected or detected, the Halcyon Ransomware Response Engine allows for rapid response and action.... Halcyon Data Exfiltration Protection (DXP) identifies and blocks unauthorized data transfers to protect sensitive information, safeguarding the sensitive data stored in Linux-based systems and endpoints...

Halcyon Linux runs with minimal resource impact, ensuring critical environments such as database servers or virtualized workloads, maintain the same performance.
And in addition, Halcyon offers "an around the clock Threat Response team, reviewing and responding to alerts," so your own corporate security teams "can attend to other pressing priorities..."

Casio confirmed it suffered a ransomware attack earlier this month, resulting in the theft of personal and confidential data from employees, job candidates, business partners, and some customers. Although customer payment data was not compromised, Casio warns the impact may broaden as the investigation continues. BleepingComputer reports: The attack was disclosed Monday when Casio warned that it was facing system disruption and service outages due to unauthorized access to its networks during the weekend. Yesterday, the Underground ransomware group claimed responsibility for the attack, leaking various documents allegedly stolen from the Japanese tech giant's systems. Today, after the data was leaked, Casio published a new statement that admits that sensitive data was stolen during the attack on its network.

As to the current results of its ongoing investigation, Casio says the following information has been confirmed as likely compromised:

- Personal data of both permanent and temporary/contract employees of Casio and its affiliated companies.
- Personal details related to business partners of Casio and certain affiliates.
- Personal information of individuals who have interviewed for employment with Casio in the past.
- Personal information related to customers using services provided by Casio and its affiliated companies.
- Details related to contracts with current and past business partners.
- Financial data regarding invoices and sales transactions.
- Documents that include legal, financial, human resources planning, audit, sales, and technical information from within Casio and its affiliates.

Ecovacs robot vacuums have been hacked across the U.S. to shout racial slurs at unsuspecting people. VICE News reports: The issue is specifically with Ecovacs' Deebot X2 model. The hackers gained control of the devices and used the onboard speakers to blast racial slurs at anyone within earshot. One such person was a lawyer from Minnesota named Daniel Swenson. He was watching TV when he heard some odd noises coming from the direction of his vacuum. He changed the password and restarted it. But then the odd sounds started up again. And then it started shouting racial slurs at him like a surly disgruntled maid.

There were multiple reports of similar incidents across the United States and around the same time. One of them happened in Los Angeles, where a vacuum chased a dog while spewing hate. Another happened in El Paso, where the vac spewed slurs until it's owner turned it off. The attacks are apparently quite easy to pull off thanks to several known security vulnerabilities in Ecovacs, like a bad Bluetooth connector and a defective PIN system that is intended to safeguard video feeds and remote access but actually doesn't do any of that at all. A pair of cybersecurity researchers released a report on Ecovacs detailing the brand's multiple security flaws earlier this year.

An APT hacking group known as GoldenJackal has successfully breached air-gapped government systems in Europe using two custom toolsets to steal sensitive data, like emails, encryption keys, images, archives, and documents. From a report: According to an ESET report, this happened at least two times, one against the embassy of a South Asian country in Belarus in September 2019 and again in July 2021, and another against a European government organization between May 2022 and March 2024. In May 2023, Kaspersky warned about GoldenJackal's activities, noting that the threat actors focus on government and diplomatic entities for purposes of espionage. Although their use of custom tools spread over USB pen drives, like the 'JackalWorm,' was known, cases of a successful compromise of air-gapped systems were not previously confirmed.

U.S. officials are racing to understand the full scope of a China-linked hack of major U.S. broadband providers, as concerns mount from members of Congress that the breach could amount to a devastating counterintelligence failure. From a report: Federal authorities and cybersecurity investigators are probing the breaches of Verizon Communications, AT&T and Lumen Technologies. A stealthy hacking group known as Salt Typhoon tied to Chinese intelligence is believed to be responsible. The compromises may have allowed hackers to access information from systems the federal government uses for court-authorized network wiretapping requests, The Wall Street Journal reported last week.

Among the concerns are that the hackers may have essentially been able to spy on the U.S. government's efforts to surveil Chinese threats, including the FBI's investigations. The House Select Committee on China sent letters Thursday asking the three companies to describe when they became aware of the breaches and what measures they are taking to protect their wiretap systems from attack. Spokespeople for AT&T, Lumen and Verizon declined to comment on the attack. A spokesman at the Chinese Embassy in Washington has denied that Beijing is responsible for the alleged breaches.

Combined with other Chinese cyber threats, news of the Salt Typhoon assault makes clear that "we face a cyber-adversary the likes of which we have never confronted before," Rep. John Moolenaar, the Republican chairman of the House Select Committee Committee on China, and Raja Krishnamoorthi, the panel's top Democrat, said in the letters. "The implications of any breach of this nature would be difficult to overstate," they said. Hackers still had access to some parts of U.S. broadband networks within the last week, and more companies were being notified that their networks had been breached, people familiar with the matter said. Investigators remain in the dark about precisely what the hackers were seeking to do, according to people familiar with the response.

TechCrunch's Carly Page reports: Fidelity Investments, one of the world's largest asset managers, has confirmed that over 77,000 customers had personal information compromised during an August data breach, including Social Security numbers and driver's licenses. The Boston, Massachusetts-based investment firm said in a filing with Maine's attorney general on Wednesday that an unnamed third party accessed information from its systems between August 17 and August 19 "using two customer accounts that they had recently established."

"We detected this activity on August 19 and immediately took steps to terminate the access," Fidelity said in a letter sent to those affected, adding that the incident did not involve any access to customers' Fidelity accounts. Fidelity confirmed that a total of 77,099 customers were affected by the breach, and its completed review of the compromised data determined that customers' personal information was affected. When reached by TechCrunch, Fidelity did not say how the creation of two Fidelity customer accounts allowed access to the data of thousands of other customers.

In another data breach notice filed with New Hampshire's attorney general, Fidelity revealed that the third party "accessed and retrieved certain documents related to Fidelity customers and other individuals by submitting fraudulent requests to an internal database that housed images of documents pertaining to Fidelity customers." Fidelity said the data breach included customers' Social Security numbers and driver's licenses, according to a separate data breach notice filed by Fidelity with the Massachusetts' attorney general. No information about the breach was found on Fidelity's website at the time of writing.

Microsoft is enhancing passkey support in Windows 11 with a redesigned Windows Hello experience that allows users to sync passkeys to their Microsoft account or third-party providers like 1Password and Bitwarden. The Verge reports: A new API for third-party password and passkey managers means developers can plug directly into the Windows 11 experience, so you can use the same passkey from your mobile device to authenticate on your PC. Right now it's possible in some apps to do this through QR codes and other ways to authenticate from a mobile device, but Microsoft's full support means the passkeys experience on Windows is about to get a lot better.

Microsoft is also redesigning the Windows Hello prompt, including the ability to setup syncing of passkeys to your Microsoft account or saving them elsewhere. Once you've completed a one-time setup process you can use facial recognition, fingerprint, or PIN to authenticate with a passkey across multiple Windows 11 devices. Windows Insiders will get access to these new passkey features "in the coming months."

An anonymous reader quotes a report from Gizmodo: The Internet Archive and Wayback Machine went down on Tuesday following a sustained cyber attack. In addition, the Archive's user data has been compromised. If you've ever logged into the site to pore over its ample archives, it's time to change your passwords. [...] A pro-Palestenian hacktivist group called SN_BLACKMETA has taken responsibility for the hack on X and Telegram. "They are under attack because the archive belongs to the USA, and as we all know, this horrendous and hypocritical government supports the genocide that is being carried out by the terrorist state of 'Israel,'" the group said on X when someone asked them why they'd gone after the Archive.

The group elaborated on its reasoning in a now-deleted post on X. Jason Scott, an archivist at the Archive, screenshotted it and shared it. "Everyone calls this organization 'non-profit', but if its roots are truly in the United States, as we believe, then every 'free' service they offer bleeds millions of lives. Foreign nations are not carrying their values beyond their borders. Many petty children are crying in the comments and most of those comments are from a group of Zionist bots and fake accounts," the post said.

SN_BLACKMETA also claimed responsibility for a six-day DDoS attack on the Archive back in May. "Since the attacks began on Sunday, the DDoS intrusion has been launching tens of thousands of fake information requests per second. The source of the attack is unknown," Chris Freeland, Director of Library Services at the Archive said in a post about the attacks back in May. SN_BLACKMETA launched its Telegram channel on November 23 and has claimed responsibility for a number of other attacks including a six-day DDoS run at Arab financial institutions and various attacks on Israeli tech companies in the spring.

smooth wombat writes: The Windows 11 24H2 update has had a host of issues associated with it including disappearing mouse cursors and blue screens related to Intel drivers. Now comes word that the new update leaves behind over 8 GB of undeletable cache files.

According to Windows Latest, attempts to delete the cache via the Control Panel are unsuccessful. Although you can select the cache for deletion and initiate the deletion process, the cache remains. Various other methods to remove the Windows update cache failed, too. It only cleared after a clean Windows installation altogether.

Retailers across the U.S. are grappling with the aftermath of Redbox's bankruptcy, tasked with removing 24,000 abandoned DVD-dispensing machines. CVS, Walgreens, Walmart, and others are facing logistical challenges and potential safety hazards, according to WSJ. The 890-pound kiosks, often hardwired into stores' electrical systems, require specialized removal.

Further reading: Redbox App Axed, Dashing People's Hopes of Keeping Purchased Content.

Alypius shares a report from 9to5Mac: It was revealed this weekend that Chinese hackers managed to access systems run by three of the largest internet service providers (ISPs) in the US. What's notable about the attack is that it compromised security backdoors deliberately created to allow for wiretaps by US law enforcement. [...] Apple famously refused the FBI's request to create a backdoor into iPhones to help access devices used by shooters in San Bernardino and Pensacola. The FBI was subsequently successful in accessing all the iPhones concerned without the assistance it sought.

Our arguments against such backdoors predate both cases, when Apple spoke out on the issue in the wake of terrorist attacks in Paris more than a decade ago: "Apple is absolutely right to say that the moment you build in a backdoor for use by governments, it will only be a matter of time before hackers figure it out. You cannot have an encryption system which is only a little bit insecure any more than you can be a little bit pregnant. Encryption systems are either secure or they're not -- and if they're not then it's a question of when, rather than if, others are able to exploit the vulnerability."

This latest case perfectly illustrates the point. The law required ISPs to create backdoors that could be used for wiretaps by US law enforcement, and hackers have now found and accessed them. Exactly the same would be true if Apple created backdoors into iPhones.

BleepingComputer's Lawrence Abrams: Internet Archive's "The Wayback Machine" has suffered a data breach after a threat actor compromised the website and stole a user authentication database containing 31 million unique records. News of the breach began circulating Wednesday afternoon after visitors to archive.org began seeing a JavaScript alert created by the hacker, stating that the Internet Archive was breached.

"Have you ever felt like the Internet Archive runs on sticks and is constantly on the verge of suffering a catastrophic security breach? It just happened. See 31 million of you on HIBP!," reads a JavaScript alert shown on the compromised archive.org site. The text "HIBP" refers to is the Have I Been Pwned data breach notification service created by Troy Hunt, with whom threat actors commonly share stolen data to be added to the service.

Hunt told BleepingComputer that the threat actor shared the Internet Archive's authentication database nine days ago and it is a 6.4GB SQL file named "ia_users.sql." The database contains authentication information for registered members, including their email addresses, screen names, password change timestamps, Bcrypt-hashed passwords, and other internal data. Hunt says there are 31 million unique email addresses in the database, with many subscribed to the HIBP data breach notification service. The data will soon be added to HIBP, allowing users to enter their email and confirm if their data was exposed in this breach.

OpenAI said a group with apparent ties to China tried to carry out a phishing attack on its employees, reigniting concerns that bad actors in Beijing want to steal sensitive information from top US artificial intelligence companies. From a report: The AI startup said Wednesday that a suspected China-based group called SweetSpecter posed as a user of OpenAI's chatbot ChatGPT earlier this year and sent customer support emails to staff. The emails included malware attachments that, if opened, would have allowed SweetSpecter to take screenshots and exfiltrate data, OpenAI said, but the attempt was unsuccessful.

"OpenAI's security team contacted employees who were believed to have been targeted in this spear phishing campaign and found that existing security controls prevented the emails from ever reaching their corporate emails," OpenAI said. The disclosure highlights the potential cybersecurity risks for leading AI companies as the US and China are locked in a high-stakes battle for artificial intelligence supremacy. In March, for example, a former Google engineer was charged with stealing AI trade secrets for a Chinese firm.

AmiMoJo writes: A treaty finalized by the UK may bring about the end of the .io domain. Last week, the British government announced that it has agreed to give up ownership of the Chagos Islands, a territory in the Indian Ocean it has controlled since 1814 -- relinquishing the .io domain with it.

The Internet Assigned Numbers Authority (IANA) has a process for retiring old country code domains within five years (with the possibility for extensions). The IANA established this rule after the Soviet Union's .su domain lingered after its collapse, becoming a domain commonly used among cybercriminals. Since then, IANA has also had to retire the .yu domain previously used for Yugoslavia, but it remained operational for years following the country's breakup while government websites transitioned to new domains. And while the independent Solomon Islands does have the domain name .sb, where 'B' stands for how it used to be a British protectorate, that domain was registered decades after it achieved independence. The UK still has the inactive .gb domain as well, but it's considering getting rid of it.

An anonymous reader quotes a report from TechCrunch: U.S. money transfer giant MoneyGram has confirmed that hackers stole its customers' personal information and transaction data during a cyberattack last month. The company said in a statement Monday that an unauthorized third party "accessed and acquired" customer data during the cyberattack on September 20. The cyberattack -- the nature of which remains unknown -- sparked a week-long outage that resulted in the company's website and app falling offline. MoneyGram says it serves over 50 million people in more than 200 countries and territories each year.

The stolen customer data includes names, phone numbers, postal and email addresses, dates of birth, and national identification numbers. The data also includes a "limited number" of Social Security numbers and government identification documents, such as driver's licenses and other documents that contain personal information, like utility bills and bank account numbers. MoneyGram said the types of stolen data will vary by individual. MoneyGram said that the stolen data also included transaction information, such as dates and amounts of transactions, and, "for a limited number of consumers, criminal investigation information (such as fraud)."

Veteran Microsoft engineer Larry Osterman is the latest to throw his hat into the "tabs versus spaces" ring. From a report: The debate has vexed engineers for decades -- is it best to indent code with tabs or spaces? Osterman, a four-decade veteran of Microsoft, was Team Tabs when storage was tight, but has since become Team Spaces with the advent of terabytes of relatively inexpensive storage. "Here's the thing," he said. "When you've got 512 kilobytes, and you're writing a program in Pascal with lots of indentation, if you're taking eight bytes for every one of those indentations, for eight spaces, you could save seven bytes in your program by using a tab character."

It all added up, even when floppy disks were part of the equation.

However, according to Osterman, things have changed. Storage is less of an issue, so why not use spaces? A cynic might wonder if that sort of attitude has led to the bloatware of today, where software requires ever-increasing amounts of storage in return for precious little extra functionality and a never-ending stream of patches. Any decent compiler should strip out any extraneous characters, assuming the code is indeed being compiled beforehand and not interpreted at run-time. For his part, Osterman is now a member of team spaces. "I like spaces simply because it always works and it's always consistent," he said.

IT services and consulting company Cognizant engaged in a pattern of discriminatory conduct toward non-Indian workers and should pay punitive damages to compensate employees who suffered harm, a US jury found. From a report: The verdict came after the IT firm failed to persuade a Los Angeles federal judge last month to toss a 2017 job bias class-action lawsuit when a previous trial ended with a deadlocked jury. A Cognizant spokesperson said the company is disappointed with the verdict and plans to appeal. "We provide equal employment opportunities for all employees and have built a diverse and inclusive workplace that promotes a culture of belonging in which all employees feel valued, are engaged and have the opportunity to develop and succeed," Jeff DeMarrais said in an emailed statement.

Bloomberg News reported in July that the Teaneck, New Jersey-based company was among a handful of outsourcing firms exploiting loopholes in the H1-B visa lottery system. The company defended its practices, saying it's fully compliant with US laws on the visa process. Cognizant also said that in recent years it has increased its US hiring and reduced its dependence on the H1-B program.

Apple has rolled out an update to macOS 15 Sequoia that addresses compatibility issues with third-party security software that emerged in the initial release. The update, macOS 15.0.1, aims to resolve problems affecting products from CrowdStrike and Microsoft. The compatibility problems had disrupted the functionality of several cybersecurity tools when macOS 15 first launched in September.