Habdul Hazeez

Security news weekly round-up - 23rd February 2024

Introduction

Hello, and welcome to this week's review. In this edition, we'll talk about prompt injection attacks, how people got scammed, some warnings from Meta, PQ3 protocol from Apple, and more. So, let's go!


Multi-modal prompt injection image attacks against GPT-4V

This article echoes the statement: tell a computer what to do and it will do it. It seems funny at first, but it's also scary. Nonetheless, it shows that despite measures put in place to prevent misuse of LLMs like GPT, humans can get clever and make them do what they want.

Here is a quick excerpt for you:

The fundamental problem here is this: Large Language Models are gullible. Their only source of information is their training data combined with the information that you feed them. If you feed them a prompt that includes malicious instructions—however those instructions are presented—they will follow those instructions.

Pluralistic: How I got scammed (05 Feb 2024)

This happened to Cory Doctorow, but it can happen to anyone, so be careful and double-check before you give out your card information. What's more, another person allegedly got scammed out of $50K in cash and another, $600k in retirement savings.

The following is an excerpt from Cory's article:

There's a name for this in security circles: "Swiss-cheese security." Imagine multiple slices of Swiss cheese all stacked up, the holes in one slice blocked by the slice below it. All the slices move around and every now and again, a hole opens up that goes all the way through the stack. Zap!

Meta Warns of 8 Spyware Firms Targeting iOS, Android, and Windows Devices

I'm surprised and also not surprised; still, it's worth knowing.

Here is more from the article:

The eight companies are Cy4Gate/ELT Group, RCS Labs, IPS Intelligence, Variston IT, TrueL IT, Protect Electronic Systems, Negg Group, and Mollitiam Industries.

These firms, per Meta, also engaged in scraping, social engineering, and phishing activity that targeted a wide range of platforms such as Facebook, Instagram...

Apple Unveils PQ3 Protocol - Post-Quantum Encryption for iMessage

It's a preemptive approach. Nonetheless, it's better to be safe than sorry.

A quick one from the article:

PQ3 is the first messaging protocol to reach what we call Level 3 security — providing protocol protections that surpass those in all other widely deployed messaging apps

Everything you need to know about IP grabbers

Raise your hands if this is the first time you're reading about "IP grabbers". Anyone? Come on! Wait, check the excerpt and read the article for more.

An IP grabber is usually a link that, upon clicking, records your IP address and stores it. What can follow is that someone can use another tool to track that IP across the web, noting its interactions with various web pages around the net.

Researchers Detail Apple's Recent Zero-Click Shortcuts Vulnerability

Apple patched the bug, but it's still good to know about it. You can read more about the vulnerability in the excerpt below.

The method involves selecting any sensitive data (Photos, Contacts, Files, and clipboard data) within Shortcuts, importing it, converting it using the base64 encode option, and ultimately forwarding it to the malicious server.

The exfiltrated data is then captured and saved as an image on the attacker's end using a Flask application, paving the way for follow-on exploitation.

Fraudsters tried to scam Apple out of 5,000 iPhones worth over $3 million

Long story short: They were arrested in September 2019 and they are awaiting sentencing on June 21, 2024. It seemed to work at first until they got caught.

Here is more from the article:

Throughout this multi-year scheme, they shipped counterfeit devices from Hong Kong to commercial mail receiving agency (CMRA) mailboxes in UPS stores, opened using their actual driver's licenses and university identification cards.

They then submitted the inauthentic iPhones with spoofed serial numbers and IMEI numbers to Apple retail stores and Apple Authorized Service Providers and received replacement iPhones from Apple, shipped via private and commercial interstate carriers, including FedEx, DHL, and UPS.

Credits

Cover photo by Debby Hudson on Unsplash.


That's it for this week, and I'll see you next time.
