Introduction
Welcome to another edition of the security news weekly round-up. In today's edition, we'll cover articles about research in computer security and malware.
ASCII art elicits harmful responses from 5 major AI chatbots
If you're smart enough to "lock it down", believe me, you might be unlocking the creativity in others to unlock it for you. The latter applies to this article. If you're accustomed to AI chatbots since their popularity, you will remember that they won't respond to "harmful" instructions. Well, this research makes them respond by tricking them using ASCII art!
Here is a quick excerpt for you:
Enter ArtPrompt, a practical attack recently presented by a team of academic researchers. It formats user-entered requests—typically known as prompts—into standard statements or sentences as normal with one exception: a single word, known as a mask, is represented by ASCII art rather than the letters that spell it. The result: prompts that normally would be rejected are answered.
New acoustic attack determines keystrokes from typing patterns
Another research of what's possible in computing. The article's title says it all.
The following excerpt should get you started:
Though the method achieves an average success rate of 43%, which is significantly lower than other methods presented in the past, it does not require controlled recording conditions or a specific typing platform.
This makes it more applicable in real attacks, and depending on some target-specific parameters, it can produce enough reliable data to decipher the overall target's input with some post-capture analysis.
New Attack Shows Risks of Browsers Giving Websites Access to GPU
Our third security-related research for this week! It does concern me and you and that's why I have included it. Seriously why? Read the excerpt below.
The academic researchers described their work as one of the first GPU cache side-channel attacks from within a browser. They showed how the method can be leveraged for remote attacks, by getting the targeted user to access a website hosting malicious WebGPU code and stay on the site for several minutes while the exploit is being executed.
300,000 Systems Vulnerable to New Loop DoS Attack
Think of two systems talking to each other indefinitely. That's what this research is about. Yes, we are covering it because it affects Microsoft.
Here is an excerpt for you:
The newly discovered DoS loop attack is self-perpetuating and targets application-layer messages. It pairs two network services in such a way that they keep responding to one another’s messages indefinitely. In doing so, they create large volumes of traffic that result in a denial of service for involved systems or networks.
Over 800 npm Packages Found with Discrepancies, 18 Exploitable to 'Manifest Confusion'
If you're a developer, stay safe and be careful. What's more, remember the excerpt below.
The findings show that the attack vector has never been put to use by threat actors to conduct poisoning attacks. That said, it's crucial that developers take steps to ensure the packages are free of suspicious behaviors.
Credits
Cover photo by Debby Hudson on Unsplash.
That's it for this week, and I'll see you next time.