Brief #1: NSO's Spyware Resurgence, ChatGPT Prompt Injections and More

Mandos Brief, Week 21 2023: CloudSQL vulnerability, Bandit Stealer malware, ChatGPT's prompt injection attacks, NSO's spyware in Armenia-Azerbaijan conflict.

Brief #1: NSO's Spyware Resurgence, ChatGPT Prompt Injections and More

Welcome to this week's edition of The Mandos Brief, where we review the most significant developments in cybersecurity and AI. From critical vulnerabilities in cloud services and AI tools to the use of spyware in military conflicts and breakthroughs in AI language models, there's a lot to unpack. Let's dive in!

GCP CloudSQL Vulnerability Leads to Internal Container Access and Data Exposure

  • A critical vulnerability in Google Cloud Platform's CloudSQL service has been discovered by Dig's research team.
  • The vulnerability allowed for privilege escalation, granting full control over the SQL Server instance and access to sensitive files in the host OS.
  • The discovery highlights the importance of robust security measures in cloud environments.

New Info Stealer 'Bandit Stealer' Targets Browsers & Wallets

  • Trend Micro has discovered a new info stealer malware, Bandit Stealer, that targets browsers and wallets.
  • The malware is capable of stealing sensitive information such as passwords, credit card details, and cryptocurrency wallets.
  • Bandit Stealer is being sold on Russian underground forums, indicating a potential increase in its usage.

ChatGPT Vulnerable to Prompt Injection Attacks

  • Researchers discovered a vulnerability in ChatGPT that allows for prompt injection attacks.
  • The vulnerability could be exploited to manipulate the AI's responses.
  • OpenAI has acknowledged the issue and is working on a fix.

NSO Group's Spyware Used in Armenia-Azerbaijan Conflict

  • NSO Group's spyware, Pegasus, has been used in the military conflict between Armenia and Azerbaijan.
  • The spyware was used to hack journalists, human rights advocates, a United Nations official, and members of civil society in Armenia.
  • This marks the first documented case of Pegasus being used in a military conflict.

Meta's Open-Source Speech AI Recognizes Over 4,000 Spoken Languages

  • Meta has developed an AI language model, Massively Multilingual Speech (MMS), capable of recognizing over 4,000 spoken languages and producing speech in over 1,100 languages.
  • The model was trained using unconventional data sources, including audio recordings of translated religious texts.
  • Meta aims to use this technology to preserve language diversity and facilitate communication.

That's all for this week. Stay tuned for the next edition of The Mandos Brief, where I’ll continue to keep you updated on the latest developments in cybersecurity and AI.

If you want to get The Mandos Brief straight to your inbox, don't forget to subscribe.