Cybersecurity
LegalPwn: Tricking LLMs by burying badness in lawyerly fine print
Trust and believe – AI models trained to see 'legal' doc as super legit Researchers at security firm Pangea have discovered yet another way to trivially trick large language models (LLMs) into ignoring their guardrails. Stick your adversarial instructions somewhere in a legal document to give them an…
Traffic to government domains often crosses national borders, or flows through risky bottlenecks
Sites at yourcountry.gov may also not bother with HTTPs Internet traffic to government domains often flows across borders, relies on a worryingly small number of network connections, or does not require encryption, according to new research.…
Researcher who found McDonald’s free-food hack turns her attention to Chinese restaurant robots
The controls were left wide open on Pudu's robots A researcher caught the world’s leading supplier of commercial service robots using shoddy admin security that let attackers redirect the delivery machines to anywhere and make them follow any command.…
AWS catches Russia’s Cozy Bear clawing at Microsoft credentials
Look who's visiting the watering hole these days Amazon today said it disrupted an intel-gathering attempt by Russia's APT29 to trick Microsoft users into unwittingly granting the Kremlin-backed cyberspies access to their accounts and data.…
Enterprise password management outfit Passwordstate patches Emergency Access bug
Up to 29,000 organizations and potentially 370,000 security and IT pros affected Australian development house Click Studios has warned users of its Passwordstate enterprise password management platform to update immediately if not sooner, following the discovery of an authentication bypass vulnerability that opens the doors to an emergency…
UK government dragged for incomplete security reforms after Afghan leak fallout
Senior officials summoned to science and tech committee to explain further Senior officials are being summoned to the UK's Science, Innovation and Technology Committee to explain why the government has not fully implemented the security recommendations made in a secret review following the 2021 Afghan data breach.…
FBI cyber cop: Salt Typhoon pwned ‘nearly every American’
Plus millions of other people across 80+ countries China's Salt Typhoon cyberspies hoovered up information belonging to millions of people in the United States over the course of the years-long intrusion into telecommunications networks, according to a top FBI cyber official.…
DHS says it needs $100M worth of counter-drone tech to protect America
Our drones are OK, but those other drones? The US Department of Homeland Security has revealed plans to spend more than $100 million on systems designed to take out hostile drones. …
16 billion credentials exposed: why your business needs a password manager now
Your passwords may already be at risk. Partner Content Ever felt that gut punch after losing something important, like your house keys? Now picture those, along with 184 million others, resting in plain sight at the wildest equivalent of Comic-Con for criminals.…
SK Telecom walloped with $97M fine after schoolkid security blunders let attackers run riot
Regulator points to lack of 'basic access controls' between internet-facing systems, internal network South Korea's privacy watchdog has slapped SK Telecom with a record ₩134.5 billion ($97 million) fine after finding that the mobile giant left its network wide open to hackers through a catalog of bungles.…