      Fujitsu says it found malware on its corporate network, warns of possible data breach

      news.movim.eu / ArsTechnica · Monday, 18 March - 19:44

    Japan-based IT behemoth Fujitsu said it has discovered malware on its corporate network that may have allowed the people responsible to steal personal information from customers or other parties.

    “We confirmed the presence of malware on several of our company's work computers, and as a result of an internal investigation, it was discovered that files containing personal information and customer information could be illegally taken out,” company officials wrote in a March 15 notification that went largely unnoticed until Monday. The company said it continued to “investigate the circumstances surrounding the malware's intrusion and whether information has been leaked.” There was no indication how many records were exposed or how many people may be affected.

    Fujitsu employs 124,000 people worldwide and reported about $25 billion in its fiscal 2023, which ended at the end of last March. The company operates in 100 countries. Past customers include the Japanese government. Fujitsu’s revenue comes from sales of hardware such as computers, servers, and telecommunications gear, storage systems, software, and IT services.

      “A major threat to Macs”: this password stealer should be taken very seriously

      news.movim.eu / Numerama · Sunday, 17 March - 06:03

    A new version of a piece of malware dedicated to password theft has appeared. The hackers have improved their tool to target Mac computers.

      Beware of cyberattacks: these malware programs are the most dangerous

      news.movim.eu / JournalDuGeek · Friday, 15 March - 16:03

    While France has been targeted by several cyberattacks in recent weeks, a recent study looks at the malware most used by hackers.

      Researchers create AI worms that can spread from one system to another

      news.movim.eu / ArsTechnica · Saturday, 2 March - 11:47 · 1 minute

    As generative AI systems like OpenAI's ChatGPT and Google's Gemini become more advanced, they are increasingly being put to work. Startups and tech companies are building AI agents and ecosystems on top of the systems that can complete boring chores for you: think automatically making calendar bookings and potentially buying products. But as the tools are given more freedom, it also increases the potential ways they can be attacked.

    Now, in a demonstration of the risks of connected, autonomous AI ecosystems, a group of researchers has created one of what they claim are the first generative AI worms—which can spread from one system to another, potentially stealing data or deploying malware in the process. “It basically means that now you have the ability to conduct or to perform a new kind of cyberattack that hasn't been seen before,” says Ben Nassi, a Cornell Tech researcher behind the research.

    Nassi, along with fellow researchers Stav Cohen and Ron Bitton, created the worm, dubbed Morris II, as a nod to the original Morris computer worm that caused chaos across the Internet in 1988. In a research paper and website shared exclusively with WIRED, the researchers show how the AI worm can attack a generative AI email assistant to steal data from emails and send spam messages—breaking some security protections in ChatGPT and Gemini in the process.

      WhatsApp finally forces Pegasus spyware maker to share its secret code

      news.movim.eu / ArsTechnica · Friday, 1 March - 20:27

    WhatsApp will soon be granted access to explore the "full functionality" of the NSO Group's Pegasus spyware—sophisticated malware the Israeli Ministry of Defense has long guarded as a "highly sought" state secret, The Guardian reported.

    Since 2019, WhatsApp has pushed for access to the NSO's spyware code after alleging that Pegasus was used to spy on 1,400 WhatsApp users over a two-week period, gaining unauthorized access to their sensitive data, including encrypted messages. WhatsApp suing the NSO, Ars noted at the time, was "an unprecedented legal action" that took "aim at the unregulated industry that sells sophisticated malware services to governments around the world."

    Initially, the NSO sought to block all discovery in the lawsuit, "due to various US and Israeli restrictions," but that blanket request was denied. Then, last week, the NSO lost another fight to keep WhatsApp away from its secret code.

      LLM Prompt Injection Worm

      news.movim.eu / Schneier · Friday, 1 March - 19:34 · 2 minutes

    Researchers have demonstrated a worm that spreads through prompt injection. Details:

    In one instance, the researchers, acting as attackers, wrote an email including the adversarial text prompt, which “poisons” the database of an email assistant using retrieval-augmented generation (RAG), a way for LLMs to pull in extra data from outside its system. When the email is retrieved by the RAG, in response to a user query, and is sent to GPT-4 or Gemini Pro to create an answer, it “jailbreaks the GenAI service” and ultimately steals data from the emails, Nassi says. “The generated response containing the sensitive user data later infects new hosts when it is used to reply to an email sent to a new client and then stored in the database of the new client,” Nassi says.

    In the second method, the researchers say, an image with a malicious prompt embedded makes the email assistant forward the message on to others. “By encoding the self-replicating prompt into the image, any kind of image containing spam, abuse material, or even propaganda can be forwarded further to new clients after the initial email has been sent,” Nassi says.

    It’s a natural extension of prompt injection. But it’s still neat to see it actually working.

    Research paper: “ComPromptMized: Unleashing Zero-click Worms that Target GenAI-Powered Applications.”

    Abstract: In the past year, numerous companies have incorporated Generative AI (GenAI) capabilities into new and existing applications, forming interconnected Generative AI (GenAI) ecosystems consisting of semi/fully autonomous agents powered by GenAI services. While ongoing research highlighted risks associated with the GenAI layer of agents (e.g., dialog poisoning, membership inference, prompt leaking, jailbreaking), a critical question emerges: Can attackers develop malware to exploit the GenAI component of an agent and launch cyber-attacks on the entire GenAI ecosystem?

    This paper introduces Morris II, the first worm designed to target GenAI ecosystems through the use of adversarial self-replicating prompts. The study demonstrates that attackers can insert such prompts into inputs that, when processed by GenAI models, prompt the model to replicate the input as output (replication), engaging in malicious activities (payload). Additionally, these inputs compel the agent to deliver them (propagate) to new agents by exploiting the connectivity within the GenAI ecosystem. We demonstrate the application of Morris II against GenAI-powered email assistants in two use cases (spamming and exfiltrating personal data), under two settings (black-box and white-box accesses), using two types of input data (text and images). The worm is tested against three different GenAI models (Gemini Pro, ChatGPT 4.0, and LLaVA), and various factors (e.g., propagation rate, replication, malicious activity) influencing the performance of the worm are evaluated.

      Hugging Face, the GitHub of AI, hosted code that backdoored user devices

      news.movim.eu / ArsTechnica · Friday, 1 March - 18:02

    Code uploaded to AI developer platform Hugging Face covertly installed backdoors and other types of malware on end-user machines, researchers from security firm JFrog said Thursday in a report that’s a likely harbinger of what’s to come.

    In all, JFrog researchers said, they found roughly 100 submissions that performed hidden and unwanted actions when they were downloaded and loaded onto an end-user device. Most of the flagged machine learning models—all of which went undetected by Hugging Face—appeared to be benign proofs of concept uploaded by researchers or curious users. JFrog researchers said in an email that 10 of them were “truly malicious” in that they performed actions that actually compromised the users’ security when loaded.

    Full control of user devices

    One model drew particular concern because it opened a reverse shell that gave a remote device on the Internet full control of the end user’s device. When JFrog researchers loaded the model into a lab machine, the submission indeed loaded a reverse shell but took no further action.

      Pirate Sites With Malicious Ads Face Restrictions Under New Initiative

      news.movim.eu / TorrentFreak · Thursday, 29 February - 19:10 · 4 minutes

    There was a time when visiting a pirate site was much like visiting any other. Keen to attract eyeballs wherever they might be, many of the world’s biggest brands exchanged cold hard cash for an appearance on prominent pirate portals.

    Over time and as the thorny issue of funding illicit platforms gained traction, companies including Ford, Toyota, Nissan, Mazda and Volvo came under increasing pressure. The same held true for other household names, such as tech giant Samsung, along with Nokia, Canon, Carlsberg, even Coca Cola.

    These companies weren’t deliberately placing ads on pirate sites, but their ads kept turning up on them nonetheless.

    Goodbye Quality Brands

    As brand protection became increasingly important during the previous decade, companies such as White Bullet provided intelligence on which sites to avoid, with similar lists deployed to facilitate the work of the UK’s Infringing Website List, among others. In the United States, the formation of the Trustworthy Accountability Group (TAG) in 2015 saw advertisers and advertising agencies come together to clean up the system and prevent ad revenue from reaching pirate sites.

    TAG enjoys considerable support; Amazon, Disney, Google, Meta, NBC, Sky, and Spotify, among others, sit on TAG’s Leadership Council. Most were around in 2019 when TAG launched Project Brand Integrity, an initiative to prevent valuable brands’ advertising ending up next to potato-quality copies of Hollywood movies and other unauthorized content.

    Half a Decade Later, TAG Upgrades

    While TAG says that v1.0 has performed well, on Wednesday it announced Project Brand Integrity 2.0. More easily scalable than its predecessor, PBI 2.0 still aims to defund pirate sites and protect advertisers from undesirable associations. If all goes to plan, it will be quicker to react and more responsive to domain hopping too.

    “Project Brand Integrity 1.0 was incredibly effective but hard to scale, as it involved a time-consuming manual process of notifying advertisers when their ads were found on pirate sites,” says Mike Zaneis, CEO of TAG.

    “Although most advertisers took action when alerted to such misplacements, the money often had already changed hands, and the criminals quickly moved their efforts to new domains.”

    Excluded From Ads, Pirates Welcomed to Exclusion List

    Also receiving an upgrade is TAG’s database of pirate sites, which is shared within the industry to help advertisers avoid undesirable platforms. This ‘exclusion list’ is maintained and developed through intelligence sharing at TAG’s AdSec Threat Exchange, where members collaborate with participating companies, utilize open source resources, and share information on pirate domains.

    The resulting list aims to limit pirate sites’ access to advertisers, thereby reducing their ability to generate revenue from advertising.

    “Through PBI 2.0, TAG will leverage new partnerships with the industry’s major ad tech intermediaries to cut off funding from pirate websites through a comprehensive pre-bid exclusion list, thus preventing pirate sites from monetizing stolen intellectual property (IP),” TAG says.

    “By incorporating real-time intelligence on new pirate domains from TAG’s Ad Sec Threat Exchange and TAG member companies, PBI 2.0 will protect brands while preventing ad dollars from reaching those illegitimate sites.”

    Malvertising Everywhere

    In an interview with EMA last December, Michael Lyden, TAG’s Vice President of Threat Intelligence, spoke of the constant battle against malvertising, a portmanteau of ‘malware’ and ‘advertising.’ Scam ads, auto-redirections, cloaking, and drive-by downloads all received a mention. Not exclusively in connection with pirate sites, though; the problem is much broader than that.

    Given the nature of this pervasive adversary, TAG’s v2.0 exclusion list will also combine data originally collected by anti-malware vendors, with the intelligence providing an enhanced view of pirate sites that combine free downloads with malicious or deceptive ads. Once that information is placed in the hands of advertisers, it’s hoped that having two reasons not to fund pirate sites will be better than having just one.

    Proactively Eliminating Malvertising

    What kind of effect the project will have at the consumer end is unclear. One of the great ironies of the pirate site/malware debate is that by driving trusted advertisers away, anti-piracy groups not only removed revenue but also opened up the market for less inhibited advertising agencies to do more business with pirate sites.

    Lower ad rates made available to pirate sites with fewer opportunities elsewhere can lead to an elevated chance of risky ads, on web-based portals in particular. Since TAG’s system will only make things worse and the rest of the internet isn’t getting any better, some sites may need to be tackled more directly.

    The good news is that plenty of solutions for disappearing bad ads, malvertising, endless trackers, and other stuff some sites just can’t get enough of, are readily available for free. Since they don’t discriminate, they’re just as happy removing everything from “hot girls in your area” to the 80 advertising partners imposed on visitors by too many mainstream sites.

    For those really averse to abusive advertising, moving away from ISP-provided DNS to Quad9’s threat-blocking alternative is a good start.

    For the more adventurous, a self-hosted DNS server like Pi-Hole, loaded with various hand-picked blocking lists, is something that few people think they need. At least until they see how even seemingly regular ads, not to mention things like smart TVs, can really abuse their trust.

    Finally, uBlock Origin on top is an essential for every browser, and if all goes to plan, malvertising will be a thing of the past. Then, working from a nice clean sheet, unblocking the sites worthy of support seems the way to go, while enjoying the internet all over again.

    From: TF, for the latest news on copyright battles, piracy and more.

      Russian-based LockBit ransomware hackers attempt a comeback

      news.movim.eu / TheGuardian · Monday, 26 February - 16:34

    Gang has set up a new site on the dark web and declares an intention to vote for Donald Trump

    The LockBit ransomware gang is attempting a comeback days after its operations were severely disrupted by a coordinated international crackdown.

    The Russian-based group has set up a new site on the dark web to advertise a small number of alleged victims and leak stolen data, as well as releasing a rambling statement explaining how it had been hobbled by the UK’s National Crime Agency, the FBI, Europol and other police agencies in operation last week.
