Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Cross Site Scripting. Show all posts

Managing LLM Security Risks in Enterprises: Preventing Insider Threats

 

Large language models (LLMs) are transforming enterprise automation and efficiency but come with significant security risks. These AI models, which lack critical thinking, can be manipulated to disclose sensitive data or even trigger actions within integrated business systems. Jailbreaking LLMs can lead to unauthorized access, phishing, and remote code execution vulnerabilities. Mitigating these risks requires strict security protocols, such as enforcing least privilege, limiting LLM actions, and sanitizing input and output data. LLMs in corporate environments pose threats because they can be tricked into sharing sensitive information or be used to trigger harmful actions within systems. 

Unlike traditional tools, their intelligent, responsive nature can be exploited through jailbreaking—altering the model’s behavior with crafted prompts. For instance, LLMs integrated with a company’s financial system could be compromised, leading to data manipulation, phishing attacks, or broader security vulnerabilities such as remote code execution. The severity of these risks grows when LLMs are deeply integrated into essential business operations, expanding potential attack vectors. In some cases, threats like remote code execution (RCE) can be facilitated by LLMs, allowing hackers to exploit weaknesses in frameworks like LangChain. This not only threatens sensitive data but can also lead to significant business harm, from financial document manipulation to broader lateral movement within a company’s systems.  

Although some content-filtering and guardrails exist, the black-box nature of LLMs makes specific vulnerabilities challenging to detect and fix through traditional patching. Meta’s Llama Guard and other similar tools provide external solutions, but a more comprehensive approach is needed to address the underlying risks posed by LLMs. To mitigate the risks, companies should enforce strict security measures. This includes applying the principle of least privilege—restricting LLM access and functionality to the minimum necessary for specific tasks—and avoiding reliance on LLMs as a security perimeter. 

Organizations should also ensure that input data is sanitized and validate all outputs for potential threats like cross-site scripting (XSS) attacks. Another important measure is limiting the actions that LLMs can perform, preventing them from mimicking end-users or executing actions outside their intended purpose. For cases where LLMs are used to run code, employing a sandbox environment can help isolate the system and protect sensitive data. 

While LLMs bring incredible potential to enterprises, their integration into critical systems must be carefully managed. Organizations need to implement robust security measures, from limiting access privileges to scrutinizing training data and ensuring that sensitive data is protected. This strategic approach will help mitigate the risks associated with LLMs and reduce the chance of exploitation by malicious actors.

Cross Site Scripting Bugs Identified in Google Cloud and Play

 

A security researcher recently discovered a pair of vulnerabilities in Google Cloud, DevSite, and Google Play allowing hackers to launch cross-site scripting (XSS) attacks, and creating the way for account hacking. 

The first vulnerability is a reflected XSS flaw in Google DevSite. The hacker could exploit the vulnerability by employing malicious links to run JavaScript on the origins http://cloud.google.com and http://developers.google.com, meaning a malicious actor could read and alter its contents, circumventing the same-origin policy. 

“Due to a vulnerability in the server-side implementation of part of the URL was reflected as html so it was possible to get XSS on the origins using that component from the 404 page,” researcher ‘NDevTK’, explained in a blog post. 

The second vulnerability is a DOM-based XSS on Google Play. DOM-based XSS vulnerabilities usually arise when JavaScript takes data from an attacker-controllable source, such as the URL, and passes it to a sink that supports dynamic code execution, such as eval() or innerHTML. This allows hackers to implement malicious JavaScript, which typically paves a way to hijack other users’ accounts.

The researcher explained in his blog that the CSP would mitigate the Google Play XSS vulnerability. Yet, Google still preferred to reward the bug discovery with a hefty bounty of $3,133.70 for the DevSite bug and $5,000 for the vulnerability in Google Play. 

“On the search page of [the] Google Play console vulnerable code was run when the search resulted in an error. Getting an error was simple as doing /?search=& and because window.location includes the hash which never encodes ' it’s possible to escape the href context and set other html attributes. Unlike the DevSite XSS this is prevented by the CSP but was still awarded more by the panel,” the researcher added. 

Last year in November, a researcher at Persistent System unearthed cross-site scripting (XSS) vulnerability in Chrome’s ‘New Tab’ page (NTP) that allowed hackers to run arbitrary JavaScript code. The hackers exploited the vulnerability by sending an HTML file to the target that contained a cross-site request forgery (CSRF). 

If the target opened the file, the CSRF script started operating and the query was stored in the browser’s search history. When the user opened an NTP for a second time and clicked on the Google search bar, the malicious code was triggered.

Most Common Types of Cyberattacks as Seen Today





As cyber-attacks are on a continuous rise they have resulted in being one of the major threats to the world. Since 2008 there has never been much concern given about the imminent threat of cyber-attacks but the steady and rapid evolution of time and technology has changed it. It is a major wake up call to the various existing companies and organisation to secure themselves as well as their customers to not fall victim to such attacks.

Therefore in order to comprehend different ways through which an attacker might resort to for hacking into an organisation, here’s an overview of some of the most common types of attacks seen today:
  • MALWARE

Alluding to the different types of harmful software, for example, viruses and ransomware. Once the malware enters the computer system it is more than capable of causing quite havoc. From taking control of the PC to observing your activities, to quietly sending a wide range of classified information from your PC or system to the attacker's home base.

Attackers will utilize a miscellany of techniques to get the malware into your PC; however at some stage it regularly requires the user to make a move to install the malware. This can incorporate clicking a link to download a document, or opening an attachment that may look safe but in reality it has a malware installer hidden inside.
  •   PHISHING

At the point when an attacker needs the user to install the malware or unveil any sensitive data, they frequently resort to phishing attacks, an attacker may send you an email that will appear to be rather legitimate, it will contain an attachment to open or a link to click. When you do so it'll thereby install malware in your computer. There is likewise a probability that the link will connect you to a website that appears quite legitimate and requests you to sign in, in order to access a critical document—with the exception of the website actually being a trap used to capture your credentials when you attempt to sign in.
  •  CROSS-SITE SCRIPTING

When the attacker specifically focuses on a specific site's users it settles on Cross-Site Scripting attack. The attack includes infusing malignant code into a site; however for this situation the site itself isn't being attacked. Rather, the pernicious code the assailant has infused just keeps running in the user's program when they visit the infected site, and it pursues the user directly and not the site.

Cross-webpage scripting attacks can altogether harm a website's notoriety by setting the users' data in danger without any sign that anything pernicious even happened. Any sensitive data a user sends to the website, for example, their qualifications, credit card information, or other private information—can be captured by means of cross-site scripting without the site owners acknowledging there was even an issue in the first place.

  • CREDENTIAL REUSE

When it comes to credentials, variety is always essential. Users today however have so many logins and passwords to remember from that it's very tempting to reuse some of them to make life somewhat less demanding. Now despite the fact that it is suggested that you have interesting passwords for every one of your applications and sites, numerous individuals still reuse their passwords which unfortunately is a fact that attackers heavily rely upon. Once these attackers have a compilation of these usernames and passwords from an already breached site, they then utilize these same credentials on different sites where there's a shot they'll have the chance to sign in.

This nonetheless, is only a small selection of some very common attack types and methods as likewise with the advancement in time and innovation, new techniques will be developed by attackers. The users however are advised to be aware of such attacks and fundamentally try at enhancing their available security.