This article examines the security implications of the Model Context Protocol (MCP) sampling feature in the context of a widely used coding copilot application.
MCP is a standard for connecting large language model (LLM) applications to external data sources and tools. We show that, without proper safeguards, malicious MCP servers can exploit the sampling feature for a range of attacks. We demonstrate these risks in practice through three proof-of-concept (PoC) examples conducted within the coding copilot, and discuss strategies for effective prevention.
Read more…
Source: Palo Alto Unit 42
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Detecting Windows AMSI Bypass Techniques
December 21, 2022
Windows Antimalware Scan Interface (AMSI) is an agnostic security feature in the Windows operating system (OS) that allows applications and services to integrate with security products installed on a computer. Introduced by Microsoft in 2015, it provides a standard interface that allows solutions to scan files, memory, and other data for threats. This can help ...
- Godfather: A banking Trojan that is impossible to refuse
December 21, 2022
The Android banking Trojan Godfather is currently being utilized by cybercriminals to attack users of popular financial services across the globe. Godfather is designed to allow threat actors to harvest login credentials for banking applications and other financial services, and drain the accounts. To date, its victims include users of over 400 international targets, including ...
- Microsoft research uncovers new Zerobot capabilities
December 21, 2022
Botnet malware operations are a constantly evolving threat to devices and networks. Threat actors target Internet of Things (IoT) devices for recruitment into malicious operations as IoT devices’ configurations often leave them exposed, and the number of internet-connected devices continue to grow. Recent trends have shown that operators are redeploying malware for a variety of ...
- Guardian hit by serious IT incident believed to be ransomware attack
December 21, 2022
The Guardian has been hit by a serious IT incident, which is believed to be a ransomware attack. The incident began late on Tuesday night and has affected parts of the company’s technology infrastructure, with staff told to work from home. There has also been some disruption to behind-the-scenes services. Read more… Source: The Guardian
- As cyber criminals start targeting retail, companies must be ready to fight back
December 20, 2022
Given the current geopolitical situation, it’s easy to conflate cybersecurity with the war in Ukraine and bad actors overseas. Historically, cyber-attacks have traditionally been associated with nation states and hacktivists conducting high-profile attacks on high-profile targets to wreak havoc, make headlines, and draw attention to their cause. However, the current cyber-security landscape is far murkier ...
- Raspberry Robin Malware Targets Telecom, Governments
December 20, 2022
Trend Micro researchers found a malware sample allegedly capable of connecting to the Tor network to deliver its payloads. Their initial analysis of the malware, which compromised a number of organizations toward the end of September, showed that while the main malware routine contains both the real and fake payloads, it loads the fake payload ...