Weekly in Security is a summary of the cybersecurity news from the past week. This post covers 2022-09-12 to 2022-09-19.
Mandiant will join Google Cloud and retain the Mandiant brand. Google Cloud customers and partners benefit from pioneering security capabilities including world-class threat intelligence, zero trust architecture, and planet-scale analytics for security operations.
Bishop Fox hosted a CTF-style challenge related to their article Never, Ever, Ever Use Pixelation for Redacting Text. The challenge winner, Shawn Asmus, published his write-up for the challenge. This is an good reminder to properly redact documents. Looking back, there are many examples of pixelations, swirl and black-boxes gone wrong.
Prompt injection is when an AI that uses textual instructions (a “prompt”) to accomplish a task is tricked by malicious, adversarial user input to perform a task that was not part of it’s original objective, akin to a SQL injection. Simon wrote an interesting summary of the recent exploits. One funny example Marco came up with is tricking the prompt injection detector to simply ignore the injection. As such, there currently does not exist a proper protection against such attacks, as Simon stated in his follow up article. Probably, models will have to distinguish instructions and user input. I would imagine something similar to prepared statements in SQL.
Covert Attack Chain and C2 Utilizing Microsoft Teams GIFs
Bobby Rauch built a tool to abuse legitimate Microsoft infrastructure to deliver malicious files, commands, and perform data exfiltration via GIFs. The medium article was picked up by bleepingcomputer after a few days. For Microsoft the underlying