This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application.
MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for a range of attacks. We demonstrate these risks in practice through three proof-of-concept (PoC) examples conducted within the coding copilot, and discuss strategies for effective prevention.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Chinese Alloy Taurus Updates PingPull Malware
April 26, 2023
Unit 42 researchers recently identified a new variant of PingPull malware used by Alloy Taurus actors designed to target Linux systems. While following the infrastructure leveraged by the actor for this PingPull variant, we also identified their use of another backdoor we track as Sword2033. The first samples of PingPull malware date back to September 2021. ...
- Irrigation Systems in Israel Hit With Cyber Attack That Temporarily Disabled Farm Equipment
April 25, 2023
A cyber attack that targeted irrigation systems in Israel is thought to be part of an annual “hacktivist” campaign that takes place every April, and this year’s attempt at least managed to cause a nuisance for some farms in the Jordan Valley. The hackers targeted both farms and wastewater treatment plants. They seemingly had little success ...
- Abuse of the Service Location Protocol May Lead to DoS Attacks
April 25, 2023
The Service Location Protocol (SLP, RFC 2608) allows an unauthenticated remote attacker to register arbitrary services. This could allow an attacker to use spoofed UDP traffic to conduct a denial-of-service (DoS) attack with a significant amplification factor. Researchers from Bitsight and Curesec have discovered a way to abuse SLP—identified as CVE-2023-29552—to conduct high amplification factor DoS ...
- Intel CPUs vulnerable to new transient execution side-channel attack
April 24, 2023
A new side-channel attack impacting multiple generations of Intel CPUs has been discovered, allowing data to be leaked through the EFLAGS register. The new attack was discovered by researchers at Tsinghua University, the University of Maryland, and a computer lab (BUPT) run by the Chinese Ministry of Education and is different than most other side-channel attacks. Read ...
- Cyber Thieves Are Getting More Creative
April 24, 2023
Cybercriminals pull off many of their crimes by combining lots of real information with just a tiny bit of misinformation, which can be financially devastating for both companies and individuals. This article describes some recent examples of this technique, which include exploiting wire transfers, stealing paychecks, and tricking employees into helping “the boss.” It’s important to ...
- Tomiris called, they want their Turla malware back
April 24, 2023
Kaspersky introduced Tomiris to the world in September 2021, following their investigation of a DNS-hijack against a government organization in the Commonwealth of Independent States (CIS). Kaspersky researchers initial report described links between a Tomiris Golang implant and SUNSHUTTLE (which has been associated to NOBELIUM/APT29/TheDukes) as well as Kazuar (which has been associated to Turla); ...