Should you let ChatGPT control your browser?
We present the security risks of granting LLMs control over web browsers, with a focus on prompt injection vulnerabilities. We demonstrate exploitation through two scenarios using Taxy AI, a representative proof-of-concept browser agent, where attackers manage to hijack the agent and (1) exfiltrate confidential information from a user’s mailbox, (2) force the merge of a malicious pull request on a GitHub repository.
runc working directory breakout (CVE-2024-21626)
An analysis of CVE-2024-21626, a vulnerability in runc that allows container breakout.
eLinkSmart - Unlocking Bluetooth LE padlocks with polite requests
Multiple vulnerabilities were found in the eLinkSmart smart lock range. Flaws in the implementation of the locks' Bluetooth Low Energy (BLE) communication and the back-end API enable an attacker to unlock any lock within Bluetooth range, identify the location of any lock in the world, and compromise user credentials.
This blog post describes the vulnerabilities, as well as the process followed to identify them, and demonstrates the issues in action.
DarkGate Rises: New version of DarkGate malware hunts like a Duck but bites like a RAT
WithSecure Detection and Response Team (DRT) received an alert regarding spoofed process injection with abnormal memory characteristics on a host belonging to a WithSecure Countercept MDR customer. The DRT triaged the host and determined the presence of malware which had not previously been observed on our customer base. Whilst this malware shared similarities with known ‘infostealers’ (showing a similarity to ‘DUCKTAIL’, which WithSecure identified in the latter half of 2021), the sophistication of observed tradecraft in this case was significantly beyond that seen in other examples.
This blog post presents plausible scenarios where prompt injection techniques might be used to transform a ReAct-style LLM agent into a “Confused Deputy”. These attacks not only compromise the integrity of the agent's operations but can also lead to unintended outcomes that could benefit the attacker or harm legitimate users.
DarkGate malware campaign
Vietnamese cybercrime groups are using multiple different Malware as a Service (MaaS) infostealers and Remote Access Trojans (RATs) to target the digital marketing sector. These actors greatly value Facebook business accounts and hijacking these accounts appears to be one of their primary goals. The targeting and methods of these groups heavily overlap to an extent that suggests that they are a closely related cluster of operators/groups. It is possible to identify campaigns carried out by these groups through non-technical indicators, such as their lure topics, lure files, and associated metadata.