🔥 Just launched: prompt-injection-defenses

Every practical and proposed defense against prompt injection.

Feedback and PRs welcomed!

By rami

github.com/tldrsec/prompt…

Good morrow!

I've founded my own company in #CyberSecurity .

Do reach out if I can be of use to you through the services that I offer.

yetanothercyber.com

⚠️Telegram Desktop for Windows security vulnerability confirmed and fixed
🪲 RCE risk due to a typo in the executable and IP-revealing file extension list: 'pywz' instead of 'pyzw'.
❌ Relying on blacklists/denylists alone is risky. They can be incomplete or miss new extensions.

Have you ever heard that 1 + 1 does not always equal 2? That's the case with prompt injection. In this post, Jose Selvi describes the non-deterministic nature of prompt injection and how to avoid missdetecting such vulnerability. research.nccgroup.com/2024/04/12/non…

the xz sshd backdoor rabbithole goes quite a bit deeper. I was just able to trigger some harder to reach functionality of the backdoor. there's still more to explore.. 1/n

I've been looking into how the xz backdoor works and drew this sketch to make it easier to understand.
I'll update it as new information comes to light ✨

xz/lzma backdoor:
🔬 Discovered and analyzed by Andres Freund while investigating performance issues
🔎 GitHub 'JiaT75' contributions now being audited
🐧Affected distros: Debian sid, Fedora 41/Rawhide, Arch Linux (5.6.1-1), NixOS unstable
☠️ Narrowly avoided wider impact

A quick note about xz-utils backdoor:
1 - luckily, this was caught early.
2 - most run xz-utils 5.2/5.4. 5.6 is bad.
3 - quick check: `xz -V`
4 - Thanks to people who paid attention

openwall.com/lists/oss-secu…
cisa.gov/news-events/al…

Is it me or X is plenty of ads with AI generated fake news? It used to be my favorite tool to keep myself updated, but is disappointing to scroll down and see those no sense ads, to be honest 😔

New Blog: LTair:  The LTE Air Interface Tool research.nccgroup.com/2024/03/14/lta…

Buffer Overflow in Mixture of Experts

'Mixture of Experts (MoE) has become a key ingredient for scaling large foundation models while keeping inference costs steady. We show that expert routing strategies that have cross-batch dependencies are vulnerable to attacks. Malicious…

#defcon escapes another brush with cancellation! After 25 years w/Caesars, they cancelled our contract for #defcon 32.

A lot of conferences might have buckled, but not DEF CON. Hackers make a way out of no way.

Uncanceled DEF CON 32 will now be held at the Las Vegas Convention…

🤖 Web LLM attacks

PortSwigger's Web Security Academy write-up on attacking and defending apps that leverage LLMs

🧪 With links to hands-on labs

#cybersecurity #infosec

portswigger.net/web-security/l…

Terrapin Attack against the SSH protocol terrapin-attack.com

If you are using Burp Suite without hackvertor , you are either a bash master or you are not making this game easy at all for yourself!

🤖 Adversarial Attacks on LLMs

🔥 post by Lilian Weng covering:

1️⃣ Threat model

2️⃣ Types of attacks: token manipulation, gradient based attacks, jailbreaking, human in the loop red teaming, model red teaming

3️⃣ Mitigations

Love the paper references!

lilianweng.github.io/posts/2023-10-…

Discover the latest insights from our GitHub Security Lab team’s audit on Home Assistant security! 🛡️
github.blog/2023-11-30-sec… #CodeReview

New write-up on an Intel Ice Lake CPU vulnerability, we can effectively corrupt the RoB with redundant prefixes! 🔥 An updated microcode is available today for all affected products, cloud providers should patch ASAP.
lock.cmpxchg8b.com/reptar.html

That was fun. I bypassed a OpenAI ChatGPT /mnt/data restriction via a symlink, downloaded envs, Jupyter kernels' keys, and some source code from there. Reported via bugcrowd and got not applicable! Now this issue is fixed (in like an hours after my report).. Is it how it…

Willing to use it! This will be very helpful in some of my scenarios.