Security News

Cybersecurity researchers have discovered a new variant of the Gafgyt botnet that's targeting machines with weak SSH passwords to ultimately mine cryptocurrency on compromised instances using their GPU computational power. The infected devices are corralled into a botnet capable of launching distributed denial-of-service attacks against targets of interest.

Arm is warning of a security vulnerability impacting Mali GPU Kernel Driver that it said has been actively exploited in the wild. Tracked as CVE-2024-4610, the use-after-free issue impacts the...

Arm has issued a security bulletin warning of a memory-related vulnerability in Bifrost and Valhall GPU kernel drivers that is being exploited in the wild. The security issue is tracked as CVE-2024-4610 and is a use-after-free vulnerability that impacts all versions of Bifrost and Valhall drivers from r34p0 through r40p0.

"[I]n just one minute per prompt, we get an attack success rate of 89 percent on jailbreaking Vicuna-7B- v1.5, while the best baseline method achieves 46 percent," the authors state in their paper. "BEAST can attack a model as long as the model's token probability scores from the final network layer can be accessed. OpenAI is planning on making this available. Therefore, we can technically attack publicly available models if their token probability scores are available."

Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability-which the researchers named LeftoverLocals-can access conversations performed with large language models and machine learning models on affected GPUs.

Researchers at cybersecurity research and consulting firm Trail of Bits have discovered a vulnerability that could allow attackers to read GPU local memory from affected Apple, Qualcomm, AMD and Imagination GPUs. In particular, the vulnerability-which the researchers named LeftoverLocals-can access conversations performed with large language models and machine learning models on affected GPUs.

Research made public on Tuesday detailed how miscreants can exploit the hole to read data they're not supposed to in a system's local GPU memory. While the flaw potentially affects all GPU applications on vulnerable chips, it is especially concerning for those processing machine-learning applications because of the amount of data these models process using GPUs, and therefore the amount of potentially sensitive information that could be swiped by exploiting this issue.

A new vulnerability dubbed 'LeftoverLocals' affecting graphics processing units from AMD, Apple, Qualcomm, and Imagination Technologies allows retrieving data from the local memory space. [...]

Qualcomm is warning of three zero-day vulnerabilities in its GPU and Compute DSP drivers that hackers are actively exploiting in attacks. Qualcomm says it has released security updates that address the issues in its Adreno GPU and Compute DSP drivers, and impacted OEMs were also notified.

A vulnerability in the kernel drivers for several Mali GPUs "May be under limited, targeted exploitation," British semiconductor manufacturer Arm has confirmed on Monday, when it released drivers updated with patches. Arm's Mali GPUs are used on a variety devices, most prominently on Android phones by Google, Samsung, Huawei, Nokia, Xiaomi, Oppo, and other manufacturers.