New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks

New Study Uncovers Text-to-SQL Model Vulnerabilities Allowing Data Theft and DoS Attacks,

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks.
« To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL), » Xutan Peng, a

,

A group of academics has demonstrated novel attacks that leverage Text-to-SQL models to produce malicious code that could enable adversaries to glean sensitive information and stage denial-of-service (DoS) attacks.
« To better interact with users, a wide range of database applications employ AI techniques that can translate human questions into SQL queries (namely Text-to-SQL), » Xutan Peng, a

, ,
https://thehackernews.com/2023/01/new-study-uncovers-text-to-sql-model.html

Why Do User Permissions Matter for SaaS Security?

Why Do User Permissions Matter for SaaS Security?,

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp’s customers’ end users.
Three months later, Mailchimp was hit with another attack. Once again, an

,

Earlier this year, threat actors infiltrated Mailchimp, the popular SaaS email marketing platform. They viewed over 300 Mailchimp customer accounts and exported audience data from 102 of them. The breach was preceded by a successful phishing attempt and led to malicious attacks against Mailchimp’s customers’ end users.
Three months later, Mailchimp was hit with another attack. Once again, an

, ,
https://thehackernews.com/2023/01/why-do-user-permissions-matter-for-saas.html

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands

Millions of Vehicles at Risk: API Vulnerabilities Uncovered in 16 Major Car Brands,

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.
The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in

,

Multiple bugs affecting millions of vehicles from 16 different manufacturers could be abused to unlock, start, and track cars, plus impact the privacy of car owners.
The security vulnerabilities were found in the automotive APIs powering Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, Toyota as well as in

, ,
https://thehackernews.com/2023/01/millions-of-vehicles-at-risk-api.html

Crypto : 2022 a été l’année des piratages… et ce sera pire en 2023

Crypto : 2022 a été l’année des piratages… et ce sera pire en 2023,

ethereum merge

En 2022, le secteur des cryptomonnaies a subi une centaine d’attaques informatiques. En ciblant les protocoles les plus fragiles de la finance décentralisée, les pirates ont siphonné des milliards de dollars… et ils ne comptent pas s’arrêter là.

,

ethereum merge

En 2022, le secteur des cryptomonnaies a subi une centaine d’attaques informatiques. En ciblant les protocoles les plus fragiles de la finance décentralisée, les pirates ont siphonné des milliards de dollars… et ils ne comptent pas s’arrêter là.

, ,
https://www.01net.com/actualites/crypto-2022-a-ete-lannee-des-piratages-et-ce-sera-pire-en-2023.html

ChatGPT : mauvaise nouvelle, les cybercriminels ont aussi commencé à l’utiliser

ChatGPT : mauvaise nouvelle, les cybercriminels ont aussi commencé à l’utiliser,

hacking, hack, hacker

C’est une tendance inquiétante : les pirates se sont aussi emparés de ChatGPT et certains s’en servent pour créer e-mails de phishing et malwares en quelques secondes. Le début d’une nouvelle ère ?

,

hacking, hack, hacker

C’est une tendance inquiétante : les pirates se sont aussi emparés de ChatGPT et certains s’en servent pour créer e-mails de phishing et malwares en quelques secondes. Le début d’une nouvelle ère ?

, ,
https://www.01net.com/actualites/chatgpt-mauvaise-nouvelle-les-cybercriminels-ont-aussi-commence-a-lutiliser.html

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls

Malicious PyPI Packages Using Cloudflare Tunnels to Sneak Through Firewalls,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

,

In yet another campaign targeting the Python Package Index (PyPI) repository, six malicious packages have been found deploying information stealers on developer systems.
The now-removed packages, which were discovered by Phylum between December 22 and December 31, 2022, include pyrologin, easytimestamp, discorder, discord-dev, style.py, and pythonstyles.
The malicious code, as is increasingly

, ,
https://thehackernews.com/2023/01/malicious-pypi-packages-using.html

Top SaaS Cybersecurity Threats in 2023: Are You Ready?

Top SaaS Cybersecurity Threats in 2023: Are You Ready?,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

,

Cybercriminals will be as busy as ever this year. Stay safe and protect your systems and data by focusing on these 4 key areas to secure your environment and ensure success in 2023, and make sure your business is only in the headlines when you WANT it to be. 1 — Web application weaknesses

Web applications are at the core of what SaaS companies do and how they operate, and they can store some of

, ,
https://thehackernews.com/2023/01/top-saas-cybersecurity-threats-in-2023.html

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

,

A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks.
The technique « could act as an entry point for an attack on many organizations, » Aqua security researcher Ilay Goldman said in a report published last week.
VS Code extensions,

, ,
https://thehackernews.com/2023/01/hackers-distributing-malicious-visual.html

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors

Russian Turla Hackers Hijack Decade-Old Malware Infrastructure to Deploy New Backdoors,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

,

The Russian cyberespionage group known as Turla has been observed piggybacking on attack infrastructure used by a decade-old malware to deliver its own reconnaissance and backdoor tools to targets in Ukraine.
Google-owned Mandiant, which is tracking the operation under the uncategorized cluster moniker UNC4210, said the hijacked servers correspond to a variant of a commodity malware called 

, ,
https://thehackernews.com/2023/01/russian-turla-hackers-hijack-decade-old.html

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

,

A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN.
The group « primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations, » Palo Alto Networks Unit 42

, ,
https://thehackernews.com/2023/01/hackers-using-captcha-bypass-tactics-in.html