Meta AI Models Cracked Open With Exposed API Tokens

Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations. [TechWeb]( Follow Dark Reading: [RSS]( December 05, 2023 LATEST SECURITY NEWS & COMMENTARY [Meta AI Models Cracked Open With Exposed API Tokens]( Researchers at Lasso Security found 1,500+ tokens in total that gave them varying levels of access to LLM repositories at Google, Microsoft, VMware, and some 720 other organizations. ['AeroBlade' Group Hacks US Aerospace Company]( Aeroblade flew under the radar, slicing through detection checks on a quest to steal sensitive commercial data. [23andMe: Data Breach Was a Credential-Stuffing Attack]( The DNA testing company believes that the attack has now been contained and is notifying impacted individuals. [Pro-Iran Attackers Access Multiple Water Facility Controllers]( Multiple agencies warn that attackers have been active since Nov. 22, targeting operational technology (OT) across the US. [Establishing New Rules for Cyber Warfare]( Why we should applaud the Red Cross's efforts, even if they likely won't work. [(Sponsored Article) The SOC's Future Is a Security Platform]( SOC tools must evolve, and a unified platform with a comprehensive, proactive protection and Gen AI can tip the scales in favor of your defenders. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Okta Breach Widens to Affect 100% of Customer Base]( Early disclosures related to September compromise insisted less than 1% of Okta customers were impacted; now, the company says it was all of them. [The US Needs to Follow Germany's Attack-Detection Mandate]( A more proactive approach to fighting cyberattacks for US companies and agencies is shaping up under the CISA's proposal to emphasize real-time attack detection and response. [Simple Hacking Technique Can Extract ChatGPT Training Data]( Apparently all it takes to get a chatbot to start spilling its secrets is prompting it to repeat certain words like "poem" forever. [Siemens PLCs Still Vulnerable to Stuxnet-like Cyberattacks]( Security updates are tedious and difficult, so users continue to use a weak version of a core protocol and remain exposed to major attacks on critical infrastructure. [MORE]( PRODUCTS & RELEASES [Zatik Security Gains Momentum, Announces Co-Founder, CTO, Partner Network]( [Flow Security Launches GenAI DLP]( [The Latest Delinea Secret Server Release Boosts Usability With New Features]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Critical 'LogoFAIL' Bugs Offer Secure Boot Bypass for Millions of PCs]( Hundreds of consumer and enterprise-grade x86 and ARM models from various vendors, including Intel, Acer, and Lenovo, are potentially vulnerable to bootkits and takeover. LATEST FROM THE EDGE [Name That Edge Toon: On Your Mark...]( Come up with a clever cybersecurity-related caption, and our panel of experts will reward the winner with a $25 Amazon gift card. LATEST FROM DR TECHNOLOGY [Enhancing Incident Response Playbooks With Machine Learning]( Cybersecurity analysts use playbooks as a guide to quickly investigate and respond to incidents, but regularly neglect to keep the process documents up to date. LATEST FROM DR GLOBAL [Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds]( Joe Sullivan, spared prison time, weighs in on the lessons learned from the 2016 Uber breach and the import of the SolarWinds CISO case. WEBINARS - [What's In Your Cloud?]( - [How to Combat the Latest Cloud Security Threats]( More businesses have shifted critical assets and operations to the cloud, as service providers enhance their security capabilities and companies adapt to more remote workforces. In this webinar, experts outline the top ways that attackers are exploiting cloud services, applications ... [View More Dark Reading Webinars >>]( WHITE PAPERS - [9 Traits You Need to Succeed as a Cybersecurity Leader]( - [The Ultimate Guide to the CISSP]( [View More White Papers >>]( FEATURED REPORTS - [Passwords Are Passe: Next Gen Authentication Addresses Today's Threats]( - [Everything You Need to Know About DNS Attacks]( - [Securing the Remote Worker: How to Mitigate Off-Site Cyberattacks]( The most profound change to enterprise security with the rise of remote work is the way endpoint security has moved from last line of defense to being on the frontline. The user's endpoint is the first device attackers encounter, making ... [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=119734&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_12.04.23&sp_cid=50833&utm_content=DR_NL_Dark%20Reading%20Daily_12.04.23&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#c0 If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2023]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)