Millions stolen from crypto platforms through exploited ‘Vyper’ vulnerability

Millions of dollars’ worth of cryptocurrency were stolen from several platforms over the weekend after hackers exploited a vulnerability in a programming language used widely in the cryptocurrency world.

https://therecord.media/millions-stolen-in-vyper-crypto-hack

OWASP Top 10 for Large Language Model Applications

The OWASP Top 10 for Large Language Model Applications project aims to educate developers, designers, architects, managers, and organizations about the potential security risks when deploying and managing Large Language Models (LLMs). The project provides a list of the top 10 most critical vulnerabilities often seen in LLM applications, highlighting their potential impact, ease of exploitation, and prevalence in real-world applications. Examples of vulnerabilities include prompt injections, data leakage, inadequate sandboxing, and unauthorized code execution, among others. The goal is to raise awareness of these vulnerabilities, suggest remediation strategies, and ultimately improve the security posture of LLM applications. You can read our group charter for more information.

https://owasp.org/www-project-top-10-for-large-language-model-applications/

Common Cyber Threat Intel Biases

The article discusses biases in cyber threat intelligence evaluation. It covers biases related to hindsight, visibility, threat narratives, and viewing all activity as malicious. It also warns against assuming fixed rules on the Internet and overestimating adversaries, and highlights two attribution standards: “little a” and “Big A.” Analysts are urged to stay objective and consider the evidence carefully while acknowledging the limitations of attribution.

Read more:
https://medium.com/@mrichard91/common-cyber-threat-intel-biases-9d6f410f5829

Microsoft Edge MSDCPDF Javascript addIcon type confusion vulnerability

A memory corruption vulnerability exists in the Javascript implementation of the Acrobat-based PDF engine in Microsoft Edge 112.0.1722.58 and 114.0.1776.0 Canary. A specially crafted PDF document can trigger a type confusion vulnerability when manipulating icons, which could lead to writes to arbitrary memory and possibly code execution or other side effects. A victim would need to open a malicious file in the browser to trigger this vulnerability.

Read more:
https://www.talosintelligence.com/vulnerability_reports/TALOS-2023-1747

Microsoft: Unpatched Office zero-day exploited in NATO summit attacks

Microsoft disclosed today an unpatched zero-day security bug in multiple Windows and Office products exploited in the wild to gain remote code execution via malicious Office documents.

In a separate blog post, the company says the CVE-2023-36884 bug was exploited in recent attacks targeting organizations attending the NATO Summit in Vilnius, Lithuania.

Read more:
https://www.bleepingcomputer.com/news/security/microsoft-unpatched-office-zero-day-exploited-in-nato-summit-attacks/

Introducing Superalignment

We need scientific and technical breakthroughs to steer and control AI systems much smarter than us. To solve this problem within four years, we’re starting a new team, co-led by Ilya Sutskever and Jan Leike, and dedicating 20% of the compute we’ve secured to date to this effort. We’re looking for excellent ML researchers and engineers to join us.

Read more: https://openai.com/blog/introducing-superalignment

MITRE ATLAS

MITRE ATLAS™ (Adversarial Threat Landscape for Artificial-Intelligence Systems) is a knowledge base of adversary tactics, techniques, and case studies for machine learning (ML) systems based on real-world observations, demonstrations from ML red teams and security groups, and the state of the possible from academic research. ATLAS is modeled after the MITRE ATT&CK® framework and its tactics and techniques are complementary to those in ATT&CK.

https://atlas.mitre.org/

Russian Cyber War: An Elite Russian Hacker Spells Out His Vision for “Information Confrontation in World Politics”

“All organizations, government and private sector, should understand that cyber conflict – including cyber espionage, information warfare, misinformation, disinformation, and even cyber-attacks – is not going away. For those of us in the business, we all recognize this challenge and should keep helping others understand the enduring nature of cyber conflict.”

Read more:
http://www.oodaloop.com/archive/2023/06/29/russian-cyber-war-an-elite-russian-hacker-spells-out-his-vision-for-information-confrontation-in-world-politics/

How a Shady Chinese Firm’s Encryption Chips Got Inside the US Navy, NATO, and NASA

The US government warns encryption chipmaker Hualan has suspicious ties to China’s military. Yet US agencies still use one of its subsidiary’s chips, raising fears of a backdoor.

Read more: https://www.wired.com/story/hualan-encryption-chips-entity-list-china/