This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application.
MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for a range of attacks. We demonstrate these risks in practice through three proof-of-concept (PoC) examples conducted within the coding copilot, and discuss strategies for effective prevention.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Here’s a list of proxy IPs to help block KillNet’s DDoS bots
February 6, 2023
A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses ...
- UK Engineering Company Vesuvius Hit by Cyber Attack
February 6, 2023
Vesuvius PLC said Monday that it is currently managing a cyber incident that involved unauthorized access to its systems. The U.K. engineered-ceramics manufacturer said as soon as it was aware of the unauthorized activity, it took the necessary steps to respond, including shutting down affected systems. Read more… Source: Market Watch
- Okta customers report dramatic increase in cyber-attacks
February 3, 2023
A marketing survey from digital identity firm Okta fielded in the first quarter of last year highlights dangers that, while hardly unknown, are sobering. The survey and report examined the state of secure identity, and came up with three facts the market needs to come to grips with. Read more… Source: Biometric Update
- TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
February 3, 2023
Trend Micro researchers analyzed an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. Its goal is to steal victims’ assets from finance and banking applications (such as cryptocurrency wallets, credentials for official bank apps on mobile, and money in deposit), via a banking trojan they named TgToxic (detected by Trend ...
- Tallahassee Memorial hospital victim of suspected ransomware attack
February 3, 2023
Tallahassee Memorial HealthCare is postponing all non-emergency patient procedures as officials manage an Information Technology security issue that occurred late Thursday night, according to a memo from the hospital. The IT security breach is a suspected ransomware attack, according to sources with knowledge of the situation. Read more… Source: Florida Politics
- GoAnywhere MFT zero-day vulnerability lets hackers breach servers
February 3, 2023
The developers of the GoAnywhere MFT file transfer solution are warning customers of zero-day remote code execution vulnerability on exposed administrator consoles. GoAnywhere is a secure web file transfer solution that allows companies to securely transfer encrypted files with their partners while keeping detailed audit logs of who accessed the files. Read more… Source: Bleeping Computer