Paul's Security Weekly (Audio)

Prompt Injection, CISA, Patch Tuesday - PSW #861

Feb 13, 2025
This week, tune in to hear about the intriguing possibility of installing Linux in PDFs and the serious security measures taken by TP-Link. The discussion dives into the latest Patch Tuesday updates affecting major companies like Intel and Microsoft. Ever thought of hacking your space heater for kicks? They cover it! Explore the quirks of smart homes and the security risks tied to them. Plus, get insights on prompt injection attacks and vulnerabilities associated with medical devices, all while balancing humor and critical cybersecurity themes.
ANECDOTE

Zyxel Telnet Vulnerabilities Persist

  • Zyxel routers have Telnet command injection vulnerabilities that are still exploited in the wild.
  • Despite being end-of-life, about 1500 internet-facing vulnerable units remain active, mostly masquerading as ISP equipment.
ADVICE

Segment Home Networks for IoT

  • Segment your home network to isolate smart TVs, Android boxes, and IoT devices.
  • This prevents malware on these devices from spreading to your critical systems.
INSIGHT

Prompt Injection Risks in LLMs

  • LLMs have no separation between administrative and user commands, making prompt injection attacks possible.
  • Hidden prompts in proprietary data can poison responses and create persistent backdoors in AI models.