"The hackers in this case were white-hat researchers from security firm Varonis. The net effect of their multistage attack was that they exfiltrated data, including the target's name, location, and details of specific events from the user's Copilot chat history. The attack continued to run even when the user closed the Copilot chat, with no further interaction needed once the user clicked the link in the email. The attack and resulting data theft bypassed enterprise endpoint security controls and detection by endpoint protection apps."
"The base URL pointed to a Varonis-controlled domain. Appended to the end was a long series of detailed instructions in the form of a q parameter, which Copilot and most other LLMs use to input URLs directly into a user prompt. When clicked, the parameter caused Copilot Personal to embed personal details into web requests. The verbatim prompt embedded as a q parameter read:"
White-hat researchers from security firm Varonis developed a multistage attack that exfiltrated Copilot chat data after a user clicked a single URL. The stolen data included the target's name, location, and details of specific events from the user's Copilot chat history. The exploit continued to run even after the user closed the Copilot chat, requiring no additional interaction once the link was clicked. The attack bypassed enterprise endpoint security controls and detection by endpoint protection apps. The exploit used a base URL with a long q parameter containing a malicious prompt, which caused Copilot Personal to embed personal details into web requests. Microsoft fixed the vulnerability.
Read at Ars Technica
Unable to calculate read time
Collection
[
|
...
]