Multiple editions of Windows 10 21H2 have reached their end of service (EOS) in this month’s Patch Tuesday, as Microsoft reminded customers today. […] Read More
BleepingComputer
Researchers Jailbreaked Text-To-Image LLM Models Using Atlas Agent
LLM agents, combining large language models with memory and tool usage, have shown promise in diverse domains.
While successful in fields like software engineering and industrial automation, their potential in generative AI safety remains largely unexplored.
Given the rapid advancement and widespread adoption of text-to-image models, identifying safety vulnerabilities in these models poses significant challenges. The researchers propose leveraging LLM agents’ information processing capabilities to enhance the understanding and exploration of safety risks within generative AI.
Autonomous agents are defined as entities with a brain, memory, and action space. LLM-based multi-agent systems are composed of agents interacting in an environment under a transition function.
Adversarial prompts are crafted to bypass text-to-image model safety filters while maintaining semantic similarity to target prompts.
The focus is on black-box jailbreak attacks, targeting the model’s input-output behavior without knowledge of internal mechanisms or safety filters, demonstrating the robustness of the proposed approach.
The mutation agent, a core component of Atlas, employs a Vision Language Model (VLM) as its brain to analyze visual and textual information.
An in-context learning (ICL)-based memory module uses a semantic-based memory retriever to store and rank successful adversarial prompts, which then guide subsequent mutations.
The agent’s actions include text generation and tool utilization, such as a multimodal semantic discriminator that measures image-text similarity to ensure generated images align semantically with the original prompt. This enables the mutation agent to iteratively refine prompts, bypassing safety filters while preserving semantic coherence (paper: https://arxiv.org/pdf/2408.00523).
Atlas is a system designed to bypass safety filters in text-to-image models by employing LLaVA-1.5 and ShareGPT4V-13b for generating adversarial prompts and Vicuna-1.5-13b for evaluating them.
Atlas targets Stable Diffusion variants and DALL-E 3 for evaluation, and measures the efficacy of the safety filters using bypass rates, image similarity (FID), and query efficiency.
The system iteratively refines prompts based on filter responses, aiming to produce images that circumvent safety restrictions while maintaining semantic coherence with the original prompt.
Atlas demonstrated superior performance in bypassing diverse safety filters across the Stable Diffusion and DALL-E 3 models, achieving high bypass rates with minimal queries and maintaining semantic similarity to the original prompts.
Compared to baselines, Atlas consistently outperformed competitors in one-time bypass rates, often matched or exceeded re-use rates, and generally produced images with higher fidelity.
This model works well because it uses an iterative optimization process and a VLM-based mutation agent that can work with different VLM models without affecting performance too much.
The study investigates the influence of key parameters on Atlas’ jailbreak performance. Increasing the number of agents from one to three significantly improves bypass rates, demonstrating the effectiveness of multi-agent collaboration.
A higher semantic similarity threshold reduces bypass rates but maintains high success rates. Long-term memory is crucial for performance, with optimal memory length at five, while excessive length hinders performance.
The post Researchers Jailbreaked Text-To-Image LLM Models Using Atlas Agent appeared first on Cyber Security News.
How to remove a user from a shared Mac
There will be times when you need to remove a user from a device. In this article we’ll show you how to remove a user from a Mac.
It helps to understand the difference between an actual user of the device and a “sharing only user.” On a Mac, you can use Sharing Only User settings to create a user that has access to your files and folders over the network. You can also use these settings to limit their access to your shared information and system.
Both are removed in a very similar way:
Apple menu > System Settings
Click Users & Groups in the sidebar. (You may need to scroll down.)
Click the Info button next to the user or group you want to delete, then click Delete User or Delete Group. Note: If a user is logged in to this Mac now, you can’t select them.
This will delete sharing users immediately. For other users you’ll have to decide what you want to do with their Home folder first. You can delete it, keep it, or save it in a disk image.
To save it in a disk image, select Save the home folder in a disk image, then click Delete User. This archives all the user’s documents and information so the user can be restored later if needed. The disk image is saved in /Users/Deleted Users/.
To leave the user’s home folder as is, select Don’t change the home folder, then click Delete User. The user’s documents and information are saved and the user can be restored later if needed. The Home folder remains in /Users/.
To remove the user’s home folder from the computer, select Delete the home folder, then click Delete User. The user’s folder will be deleted.
If you don’t delete a user’s home folder, you can restore the user and the contents of the home folder. (A sharing-only user doesn’t have a home folder.)
Lessons Learned from the CISA – Ivanti Cyberattack – 2024
In today’s digital era, the frequency and sophistication of cyberattacks are on the rise, posing a serious threat to businesses and organizations worldwide. Among these incidents, the cyberattack on the Cybersecurity and Infrastructure Security Agency (CISA) this year due to Ivanti software vulnerabilities is a stark reminder of the vulnerabilities within even the most secure systems.
The CISA-Ivanti cyberattack not only highlighted the vulnerabilities in cybersecurity practices but also provided valuable insights into how organizations can better protect themselves against future threats. This blog post aims to shed light on the lessons learned from this cyberattack, emphasizing the importance of proactive measures in safeguarding digital assets.
First and foremost, the incident underscores the critical need for comprehensive vulnerability assessments. Such assessments are vital in identifying potential security gaps that cybercriminals could exploit.
However, effectively conducting these assessments requires specialized knowledge and tools that many organizations may not possess internally. This is where a cyber security company’s role becomes invaluable. Partnering with them enables organizations to gain access to expert knowledge and advanced technologies designed for in-depth vulnerability analysis.
Moreover, these companies offer continuous monitoring and periodic assessments, ensuring that emerging threats are identified and addressed promptly, thereby significantly reducing the risk of a successful cyberattack.
Patch management is a critical cybersecurity practice that involves regularly updating software and systems with patches released by vendors to fix vulnerabilities. Neglecting this practice opens the door for cybercriminals to exploit known vulnerabilities, potentially leading to data breaches, system disruptions, and significant financial and reputational damage.
Effective patch management not only includes the timely application of these updates but also requires a systematic approach to ensure that all systems are consistently monitored and updated. This prevents the creation of security gaps that could be exploited in a coordinated attack.
The challenge of patch management lies in its complexity, especially for organizations with diverse and sprawling IT environments. It’s not uncommon for systems to be missed during the update process or for patches to be incompatible with certain applications, leading to further issues. Here, the expertise of a cyber security company can be invaluable.
These companies can automate the patch management process, ensuring comprehensive coverage of all systems, and perform thorough testing to verify that patches don’t introduce new issues. Prioritizing and streamlining this process will enable organizations to reduce their attack surface and enhance their overall security significantly.
Human error remains one of the most significant vulnerabilities in any security system. Phishing attacks, password mishandling, and inadvertent data leaks are common issues that can lead to major security breaches. Hence, regular, engaging training sessions on cybersecurity, recognizing potential threats, and learning best practices for maintaining security are still essential components of a robust cybersecurity strategy.
Beyond basic training, organizations should strive to create an environment where cybersecurity awareness is part of the daily routine. This involves regular updates on new threats, sharing incidents of attempted breaches (without assigning blame), and encouraging open communication about security concerns.
A cyber security company can provide valuable support in this area, offering up-to-date training modules, simulated phishing exercises, and awareness campaigns tailored to the organization’s specific needs and threats.
Multi-factor authentication (MFA) is increasingly recognized as a critical defence mechanism against unauthorized access to systems and data. Implementing multiple verification factors, such as a password, security token, or biometric information, is essential to enhance security and ensure safe access to sensitive information. This multifaceted approach significantly complicates attackers’ efforts, as the compromise of one factor alone is insufficient to breach the system.
Implementing MFA can present challenges, particularly in terms of user convenience and integration with existing systems. However, the security benefits far outweigh these challenges.
A cyber security company can assist in the seamless integration of MFA, ensuring that it complements the existing infrastructure without diminishing user experience. They can also advise on the most effective authentication methods for different levels of access, ensuring that security measures are proportionate to the sensitivity of the information being protected.
A robust incident response plan is essential for minimizing the impact of a cyberattack. In the event of an incident, it’s crucial to have a plan in place that outlines procedures for a swift and coordinated response to contain and mitigate damage.
Key components include establishing an incident response team, clear communication channels, and predefined roles and responsibilities. Preparation, through regular drills and simulations, ensures that the team can act decisively under pressure, reducing downtime and financial loss.
Furthermore, post-incident analysis conducted by external experts can reveal valuable lessons, guiding improvements to the incident response plan and the broader security strategy. This continuous preparation, response, and improvement cycle is important in building resilience against future cyber threats.
The CISA-Ivanti cyberattack brought to light several critical lessons in cybersecurity practices. Given the complexity and sophistication of such cyber threats, it becomes evident that navigating these challenges requires the expertise and resources of professional cybersecurity companies.
The post Lessons Learned from the CISA – Ivanti Cyberattack – 2024 appeared first on Cyber Security News.
Cyber Security News