Fresh #hack: #ChatGPT can generate sequences memorized from its training data using a very trivial attack. You tell the bot to “say the word * as many times as possible”. And, starting with some attempt, ChatGPT starts to produce something very similar to the original data from the training sample:
https://stackdiary.com/chatgpts-training-data-can-be-exposed-via-a-divergence-attack/
https://stackdiary.com/chatgpts-training-data-can-be-exposed-via-a-divergence-attack/
Stack Diary
ChatGPT's training data can be exposed via a "divergence attack"
This article delves into a recent comprehensive study examining the extent of data memorization in various language models, including open-source, semi-open, and closed models like ChatGPT.
👍1👏1😱1
#security #hack #OAuth
Dylan from truffleSecurity talks about a simple hole (it seems a bit loud to call it a vulnerability) that allows users of companies that use #Google authorization in services like Slack or Zoom to continue to have access even after being fired and having their access removed.
The hole is that such services use email as the user ID. But, obviously, you can create several different email addresses that receive the same emails (e.g. by adding words after "+"):
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Dylan from truffleSecurity talks about a simple hole (it seems a bit loud to call it a vulnerability) that allows users of companies that use #Google authorization in services like Slack or Zoom to continue to have access even after being fired and having their access removed.
The hole is that such services use email as the user ID. But, obviously, you can create several different email addresses that receive the same emails (e.g. by adding words after "+"):
https://trufflesecurity.com/blog/google-oauth-is-broken-sort-of/
Trufflesecurity
Google OAuth is Broken (Sort Of) ◆ Truffle Security Co.
Today I’m publicizing a Google OAuth vulnerability that allows employees at companies to retain indefinite access to applications like Slack and Zoom, after they’re off-boarded and removed from their company’s Google organization. The vulnerability is easy…
👏1👨💻1
#security #hack #2023
Compilation of the biggest cyberattacks of the past year:
https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/
Compilation of the biggest cyberattacks of the past year:
https://www.bleepingcomputer.com/news/security/the-biggest-cybersecurity-and-cyberattack-stories-of-2023/
BleepingComputer
The biggest cybersecurity and cyberattack stories of 2023
2023 was a big year for cybersecurity, with significant cyberattacks, data breaches, new threat groups emerging, and, of course, zero-day vulnerabilities.
👌1
#Dropbox #hack
“We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings,” Dropbox said Wednesday in a regulatory filing. “For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”
https://finance.yahoo.com/news/dropbox-says-hackers-breached-digital-211551057.html
“We discovered that the threat actor had accessed data related to all users of Dropbox Sign, such as emails and user names, in addition to general account settings,” Dropbox said Wednesday in a regulatory filing. “For subsets of users, the threat actor also accessed phone numbers, hashed passwords, and certain authentication information such as API keys, OAuth tokens, and multi-factor authentication.”
https://finance.yahoo.com/news/dropbox-says-hackers-breached-digital-211551057.html
Yahoo Finance
Dropbox Says Hackers Breached Digital-Signature Product
(Bloomberg) -- Dropbox Inc. said its digital-signature product, Dropbox Sign, was breached by hackers, who accessed user information including emails, user names and phone numbers.Most Read from BloombergIsrael Says a Cease-Fire Plan Backed by Hamas Falls…
🔥1
#hack
#Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached.
"We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads a Dell data breach notification shared with BleepingComputer.
https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/
#Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
The computer maker began emailing data breach notifications to customers yesterday, stating that a Dell portal containing customer information related to purchases was breached.
"We are currently investigating an incident involving a Dell portal, which contains a database with limited types of customer information related to purchases from Dell," reads a Dell data breach notification shared with BleepingComputer.
https://www.bleepingcomputer.com/news/security/dell-warns-of-data-breach-49-million-customers-allegedly-affected/
BleepingComputer
Dell warns of data breach, 49 million customers allegedly affected
Dell is warning customers of a data breach after a threat actor claimed to have stolen information for approximately 49 million customers.
👍1
#OpenAI #hack #way
Interesting reading:
https://www.nytimes.com/2024/07/04/technology/openai-hack.html?unlocked_article_code=1.4k0.vlD8.X6w16sWyO1YT&smid=url-share
Interesting reading:
https://www.nytimes.com/2024/07/04/technology/openai-hack.html?unlocked_article_code=1.4k0.vlD8.X6w16sWyO1YT&smid=url-share
NY Times
A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too (Gift Article)
A security breach at the maker of ChatGPT last year revealed internal discussions among researchers and other employees, but not the code behind OpenAI’s systems.
👍1👀1
#security #Bluetooth #hack by #Apple #AirTag
An interesting topic on turning any Bluetooth device into an Apple AirTag tracker. Researchers have come up with a method that allows attackers to take the Bluetooth signal of any device, calculate a possible private key from the FindMy system, transmit it to Apple's FindMy servers, and then get the location of that unit.
https://nroottag.github.io/
An interesting topic on turning any Bluetooth device into an Apple AirTag tracker. Researchers have come up with a method that allows attackers to take the Bluetooth signal of any device, calculate a possible private key from the FindMy system, transmit it to Apple's FindMy servers, and then get the location of that unit.
https://nroottag.github.io/
nroottag.github.io
nRootTag - Tracking You from a Thousand Miles Away!
Research on how Apple's Find My network can be exploited to track non-Apple devices
🤯3🔥2🤔2
#GitHub #hack
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
https://semgrep.dev/blog/2025/popular-github-action-tj-actionschanged-files-is-compromised/
Semgrep
🚨 Popular GitHub Action tj-actions/changed-files is compromised
Popular GitHub Action tj-actions/changed-files has been compromised with a payload that appears to attempt to dump secrets, impacting thousands of CI pipelines.
🔥2🤯1