This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application.
MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for a range of attacks. We demonstrate these risks in practice through three proof-of-concept (PoC) examples conducted within the coding copilot, and discuss strategies for effective prevention.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- How it works: The novel HTTP/2 ‘Rapid Reset’ DDoS attack
October 10, 2023
A number of Google services and Cloud customers have been targeted with a novel HTTP/2-based DDoS attack which peaked in August. These attacks were significantly larger than any previously-reported Layer 7 attacks, with the largest attack surpassing 398 million requests per second. The attacks were largely stopped at the edge of our network by Google’s ...
- Grayling: Previously unseen threat actor targets multiple organizations in Taiwan
October 10, 2023
A previously unknown advanced persistent threat (APT) group used custom malware and multiple publicly available tools to target a number of organizations in the manufacturing, IT, and biomedical sectors in Taiwan. A government agency located in the Pacific Islands, as well as organizations in Vietnam and the U.S., also appear to have been hit as ...
- ‘Gay furry hackers’ brag of second NATO break-in, steal and leak more data
October 10, 2023
On Sunday, the SiegedSec crew claimed it broke into six NATO web portals: the alliance’s Joint Advanced Distributed Learning e-learning website; the NATO Lessons Learned Portal, from which the gang said it stole 331 documents; the Logistics Network Portal (588 documents and other files); the Communities of Interest Cooperation Portal; the NATO Investment Division Portal ...
- Survey finds more than 50% of German companies victim of cyberattacks
October 10, 2023
A multi-country survey by the British insurer Hiscox shows that security authorities around the world are struggling in the fight against cybercrime. According to the Hiscox comparison with selected countries, German businesses are relatively frequent targets of hackers. The latest edition of the annual comparison of eight countries shows 53% of the companies surveyed reported cyberattacks. According ...
- ‘Predator Files’ spyware scandal reveals brazen targeting of civil society, politicians and officials
October 9, 2023
Shocking spyware attacks have been attempted against civil society, journalists, politicians and academics in the European Union (EU), USA and Asia, according to a major new investigation by Amnesty International. Among the targets of Predator spyware are United Nations (UN) officials, a Senator and Congressman in the USA and even the Presidents of the European ...
- IZ1H9 Campaign Enhances Its Arsenal with Scores of Exploits
October 9, 2023
In September 2023, our FortiGuard Labs team observed that the IZ1H9 Mirai-based DDoS campaign has aggressively updated its arsenal of exploits. Thirteen payloads were included in this variant, including D-Link devices, Netis wireless router, Sunhillo SureLine, Geutebruck IP camera, Yealink Device Management, Zyxel devices, TP-Link Archer, Korenix Jetwave, and TOTOLINK routers. Based on the trigger counts ...