Ghosted by Grafana [Research Saturday]
CyberWire Daily23 Touko

Ghosted by Grafana [Research Saturday]

Today we are joined by ⁠Sasi Levi⁠, Security Research Lead at ⁠Noma Security⁠, sharing their team's work on "GrafanaGhost: The Phantom Stealing Your Data." Researchers at Noma Security disclosed “GrafanaGhost,” a vulnerability that could allow attackers to silently exfiltrate sensitive business data from Grafana dashboards using indirect prompt injection techniques. The attack chains together multiple bypasses, including protocol-relative URLs and AI guardrail manipulation, to trick Grafana into sending sensitive data to attacker-controlled servers without requiring user interaction. Researchers say the flaw highlights growing risks tied to AI-integrated enterprise platforms, where attackers increasingly target AI behavior and weak security controls instead of traditional software bugs. The research and executive brief can be found here: ⁠GrafanaGhost: The Phantom Stealing Your Data⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Tämä jakso on lisätty Podme-palveluun avoimen RSS-syötteen kautta eikä se ole Podmen omaa tuotantoa. Siksi jakso saattaa sisältää mainontaa.

Jaksot(3644)

The skills pay the bills. [Research Saturday]

The skills pay the bills. [Research Saturday]

Today we are joined by Marco Giuliani, Vice President & Head of Research at ThreatDown, discussing their work on "GachiLoader adopts AI skill lure." Threat actors are now using fake AI agent “skills” ...

30 Touko 24min

Mind the gap between IT and OT.

Mind the gap between IT and OT.

Iranian hackers hit LA transit. Chinese cyber operators target Middle East infrastructure. Dutch police take down a 17-million-device botnet. Researchers uncover a phishing risk in ChatGPT. Anthropic ...

29 Touko 28min

The military wants to move at cyber speed.

The military wants to move at cyber speed.

Cyber Command’s new chief pushes modernization as lawmakers warn commercial location data is exposing U.S. troops. A third-party UK visa site leaks passports and selfies. Microsoft slams unpatched zer...

28 Touko 31min

Breaking the GlassWorm.

Breaking the GlassWorm.

A major takedown disrupts the GlassWorm botnet. The White House rewrites federal cyber logging rules as CISA faces cuts amid rising AI threats. Federal agencies ramp up scrutiny of so-called anti-tech...

27 Touko 28min

Attackers found a new way around MFA.

Attackers found a new way around MFA.

The FBI warns attackers are abusing Microsoft OAuth authentication. India pushes faster patching as AI speeds up cyberattacks. Iranian hackers blend phishing with SEO poisoning. Anthropic’s AI finds t...

26 Touko 26min

The Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin. [Special Edition]

The Code of Honor: Paul J. Maurer and Ed Skoudis explore ethics in cybersecurity with Ben Yelin. [Special Edition]

Authors Paul J. Maurer and Ed Skoudis join Caveat podcast co host Ben Yelin to discuss their new book: "The Code of Honor: Embracing Ethics in Cybersecurity." The book is a comprehensive and practical...

25 Touko 28min

The current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz. [T-Minus: Space-Cyber Briefing]

The current state of GPS following OCX with Dr. Sean Gorman, CEO of Zephr.xyz. [T-Minus: Space-Cyber Briefing]

Despite being an indispensable technology, traditional GPS remains vulnerable to exploitation and is needed for an update. In this week's episode, host Maria Varmazis sits down with Dr. Sean Gorman,...

24 Touko 21min

Suosittua kategoriassa Politiikka ja uutiset

uutiscast
aikalisa
politiikan-puskaradio
ootsa-kuullut-tasta-2
rss-ootsa-kuullut-tasta
rss-podme-livebox
tervo-halme
otetaan-yhdet
rss-vaalirankkurit-podcast
et-sa-noin-voi-sanoo-esittaa
viisupodi
rss-asiastudio
rss-kaikki-uusiksi
rss-hyvaa-huomenta-bryssel
rss-girls-finish-f1rst
rss-ulkopoditiikkaa
linda-maria
the-ulkopolitist
rss-sinivalkoinen-islam
rss-pinnalla