
"Researchers at Pen Test Partners found four flaws in Eurostar's public AI chatbot that, among other security issues, could allow an attacker to inject malicious HTML content or trick the bot into leaking system prompts. Their thank you from the company: being accused of 'blackmail.' The researchers reported the weaknesses to the high-speed rail service through its vulnerability disclosure program. While Eurostar ultimately patched some of the issues, during the responsible disclosure process, the train operator's head of security allegedly accused the pen-testing team of blackmail."
"Speaking of researchers being threatened or maligned for reporting breaches, see this story by Jessica Lyons in The Register: Here's what happened, according to a blog published this week by the penetration testing and security consulting firm. Read more at The Register, and if you are a researcher or journalist reporting on cybersecurity or cybercrime, please be sure to complete the survey."
Pen Test Partners identified four vulnerabilities in Eurostar's public AI chatbot that could allow an attacker to inject malicious HTML or trick the bot into revealing system prompts. The researchers reported the weaknesses through Eurostar's vulnerability disclosure program. Eurostar patched some of the issues. During the responsible-disclosure process, the train operator's head of security allegedly accused the penetration-testing team of blackmail. The firm described the technical findings and the sequence of events. Researchers and journalists who report on cybersecurity and cybercrime were asked to complete a related survey.
Read at DataBreaches.Net