Mark on Privacy

OWASP created a guide on how to test LLMs. Known as red teaming, the guide details techniques that can be used to test the security measures included in a GenAI, like edge-case analysis, adversarial prompt engineering, bias identification, etc. https://t.co/OC1p4UcRlf

Here go my most noteworthy news from the past 2 months. Also, I'm working on a major refactor for ORK which I hope to drop end of month. https://t.co/uuG1XGSDAa

The past months showed that getting LLMs to safely interpret queries is not straightforward. Google tried to react to previous prompt injections, but it is still vulnerable to delayed invocation. https://t.co/RsAoA7AyNz

Sound and image synthetization is increasingly being used to impersonate colleagues or family members. The FBI recommends to have a countersign to identify scammers. https://t.co/bZgBuOXfqG

Attackers are using LLMs to generate customized content for their phishing campaigns. Fortunately, attackers also need to meet deadlines and leave obvious telltale signs. https://t.co/8tdFLvr42c

Extensive cyber attacks against Romanian voting infrastructure. A total of 85.000 attacks were counted and access credentials for election-related websites were stolen and leaked on a Russian hacker forums. As a result, elections will need to be redone. https://t.co/Uf6nsI4qfe

Infostealers on Play Store. They trick users into entering financial information and granting extra mobile app permissions,  leading to extortion, harassment, and financial loss. https://t.co/EV5ivdYHwX

Vulnerabilities in Mazda’s infotainment. When given physical to in-car USB, it is possible to load software starting at boot. After that, an attacker can gain access to CAN bus… https://t.co/jEcZ22W7sH

Cyber resiliency act: starting 2017, digital products (hw&sw) will require CE mark, indicating compliance to secure design and vulnerability mgmt. Obligations include encryption in transit, bill of materials, vulnerability disclosure, etc.

Very interesting new method to trick people into downloading a malicious binary. It builds on the recent crazy CAPTCHA methods by convincing users that the binary is just another method to check you are human: https://t.co/JTbL6cREPo