Aggregator

Google’s Threat Intelligence Group (GTIG) has uncovered a sophisticated cyberattack campaign targeting end-of-life SonicWall Secure Mobile Access (SMA) 100 series appliances, where threat actors are exploiting previously stolen credentials and deploying a new rootkit called OVERSTEP. The financially motivated group, tracked as UNC6148, has been operating since at least October 2024 and is suspected of […]

The post 0-Day RCE Flaw in SonicWall SMA Devices Exploited to Launch OVERSTEP Ransomware appeared first on GBHackers Security | #1 Globally Trusted Cyber Security News Platform.

Socure launched Workforce Verification solution to address the growing threat of employee fraud. Socure’s Workforce Verification adapts its enterprise-grade identity verification and fraud prevention specific to hiring workflows, detecting manipulated or fabricated identities before they enter organizations and addressing workforce risk at its source: identity. “Identity fraud is no longer confined to the consumer realm, it’s infiltrating the workforce at an accelerating rate and has become a foundational risk to cybersecurity, compliance, and organizational trust … More →

The post Socure Workforce Verification detects manipulated or fabricated identities appeared first on Help Net Security.

Legit Security announced enhanced capabilities for significant code change and workflow orchestration within its platform. These capabilities provide insight into changes in code, configuration, or infrastructure that can impact an application’s security or compliance posture. With visibility into where everyday code changes are occurring and the appropriate workflows to resolve them, AppSec and development teams can overcome the challenges of disconnected tool sprawl, duplicate alerts, remediation without context, and hidden or unnoticed code. Detecting, documenting, … More →

The post Legit Security delivers automated security reviews for AppSec and development teams appeared first on Help Net Security.

Akeyless has launched Akeyless SecretlessAI, a solution purpose-built to secure AI agents and Model Context Protocol (MCP) servers. As enterprises accelerate AI adoption, these autonomous systems are increasingly entrusted with accessing sensitive data, APIs, and internal tools to fulfill their tasks. This shift demands a new security paradigm — one that protects machine-to-machine communication at scale, without compromising agility or trust. AI agents now operate in dynamic, distributed environments and frequently act on behalf of … More →

The post Akeyless SecretlessAI protects machine-to-machine communication appeared first on Help Net Security.

谷歌Gemini for Workspace可以被利用来生成看似合法但包含恶意指令或警告的电子邮件摘要，这些指令可能不使用附件或直接链接将用户引导到网络钓鱼网站。

这种攻击利用隐藏在电子邮件中的间接提示注入，而Gemini在生成消息摘要时遵循这些提示注入。尽管自2024年以来一直有类似的快速攻击报告，安全研究人员也实施了防范措施来阻止误导性响应，但该技术仍然是防不胜防的。

Gemini漏洞攻击

Mozilla的GenAI漏洞赏金计划经理Marco Figueroa（研究员）发现，谷歌的Gemini模型遭受了一次提示注入攻击。这个过程包括为Gemini创建一封带有无形指示的电子邮件。攻击者可以使用HTML和CSS将字体大小设置为0，颜色设置为白色，将恶意指令隐藏在消息末尾的正文文本中。

制作恶意邮件

恶意指令不会在Gmail中呈现，并且由于没有附件或链接，因此消息极有可能到达潜在目标的收件箱。如果收件人打开电子邮件并要求Gemini生成电子邮件摘要，谷歌的人工智能工具将解析这个看不见的指令并服从它。

Figueroa提供的一个示例显示Gemini遵循隐藏的指令，并包含关于用户Gmail密码被泄露的安全警告，以及支持电话号码。

Gemini漏洞总结结果送达用户

由于许多用户很可能相信Gemini的输出是谷歌Workspace功能的一部分，因此很有可能将此警报视为合法警告，而不是恶意注入。

Figueroa提供了一些检测和缓解方法，安全团队可以应用这些方法来防止此类攻击。一种方法是删除、中和或忽略被设计为隐藏在正文中的内容。

另一种方法是实现一个后处理过滤器，该过滤器扫描Gemini输出以查找紧急消息、网址或电话号码，并标记消息以进行进一步审查。