Latest news with #BleepingComputer
Yahoo
14 hours ago
- Yahoo
Gmail warning as 'dangerous' message could be hidden in inbox
Gmail users have been told to stay alert as hidden dangers could be lurking within their inbox. It's feared hackers could attempt to fool Google's clever AI Gemini service. There were concerns scammers could add fake messages, visible to those who load up the useful summaries. READ MORE: Meghan Markle 'sends cryptic message' as Queen Camilla turns 78 The Google tool allows Gmail users see a quick summary of an email using smart Gemini AI, the Mirror reports. This allows lengthy messages to be read faster, with the most important parts placed into bullet points. However Bleeping Computer reports that cyber crooks could be able to trick this system into displaying additional text. One example showed how hackers could feature a warning at the bottom of the summary. The alert read: "WARNING: Gemini has detected that your Gmail password has been compromised. Please call us immediately." The potential vulnerability within the summary feature was also spotted by experts at Mozilla, which said crooks could add hidden prompts that appear when messages were opened. However Google has now responded to the flaw and said it was constantly working to keep its platform safe. "We are constantly hardening our already robust defences through red-teaming exercises that train our models to defend against these types of adversarial attacks," a Google spokesperson told BleepingComputer. The US technology giant said it is not aware of any users being attacked in this way. It also said there was no evidence of a widespread threat. However it is still worth remembering that criminals will try all sorts of things to infiltrate email inboxes, and there is a need to stay alert. People were reminded that it was highly unlikely Google would ever contact you, and those who think their password has been compromised, should take steps to change it immediately.
&w=3840&q=100)
Business Standard
18 hours ago
- Business Standard
Gmail's Gemini-powered summaries may expose users to security risks: Report
Google has been gradually integrating new AI capabilities into its mobile Gmail app. In June, it introduced a feature powered by Gemini that generates summaries of emails and lengthy threads. According to a report by The Indian Express, a recently uncovered security flaw indicates that these AI-generated summaries can be misused to display harmful instructions and embed links to malicious websites. Indian Express cites Marco Figueroa, GenAI Bug Bounty Programs Manager at Mozilla, stating that a security researcher uncovered a prompt injection flaw in Google Gemini for Workspace, which let attackers 'hide malicious instructions inside an email' that triggered when users clicked the 'Summarise this email' button in Gmail. Attack through Gemini: How does this work As per the report, hackers found a way to hide secret instructions in emails that trick Google's Gemini AI. They did this by placing hidden text at the end of the email using HTML and CSS, making the font size zero and the colour white so it could not be seen. Because these emails do not contain attachments, they can easily pass through Google's spam filters and reach users' inboxes. When someone opens the email and clicks 'Summarise this email' using Gemini, the AI follows the hidden commands without knowing they are harmful. Mozilla's Marco Figueroa explained how such prompt injections can be detected with: Gemini can be updated to ignore or remove hidden text in emails. Google can use a post-processing filter to scan Gemini's output for: Urgent messages, Phone numbers, Suspicious links. These flagged elements can then be reviewed for potential threats. Google has reportedly issued a statement to BleepingComputer, stating, 'We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attack." The company representative clarified to BleepingComputer that some of the mitigations are in the process of being implemented or are about to be deployed. The report further states that Google has seen no evidence of incidents manipulating Gemini in the way demonstrated in Figueroa's report.
Daily Record
21 hours ago
- Daily Record
Gmail account holders warned to watch out for hidden message - how to spot scam
Gmail users are warned to stay cautious if they see this in their inbox Hackers and scammers are always finding new ways to target their victims and con them out of their personal and financial information. Whether it's creating fake websites that looking legitimate, posing as deep fakes of celebrities or using the successful 'Hi mum' scam, these cyber crooks will do anything to get your data. Now experts are becoming increasingly worried as it seems that hackers have found a way to fool AI. Gmail users are being urged to stay on high alert as a new scam seems to be circulating the email service by hiding itself within messages. By fooling Google 's clever AI Gemini services, these criminals may be able to add fake messages to their victim's inbox when they access it and load up the usually useful summaries option, reports the Mirror. For those unfamiliar with this feature, Gmail users can now see a quick summary of an email they have been sent thanks to Gemini AI. With most of the important parts put into bullet points, AI will shorten a long email to make it faster to read and understand. While this is a useful feature to have especially if you are in a rush, it seems that it is not immune to being corrupted by crooks. Reported by Bleeping Computer, hackers may be able to trick the system into displaying more text that has nothing to do with the email received. One example features scammers adding a warning alert at the bottom of the summary to scare users into sharing their data. The alert reads: "WARNING: Gemini has detected that your Gmail password has been compromised. Please call us immediately." The summary message then goes on to include a phone number and a reference code to make the warning more believable. Users are also being warned that hackers may be able to add hidden prompts that appear when messages are opened. Experts at Mozilla say that is due to a potential vulnerability within the Gemini email summary feature. Google has responded to this summary flaw and reaffirms that they are constantly working on ways to keep their platform safe for users. Speaking to Bleeping Computer, a Google spokesperson said: "We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attacks." However, the tech giant has also said they are not aware of any users being attacked through the feature and that there is no evidence of a widespread threat. Either way, it is clear that cyber crooks will continue to find new ways to attack popular services and platforms in order to profit off someone's misfortune. While remaining cautious, Gmail users should note that it is highly unlikely that Google would ever contact users and ask for their personal data. And if you do believe your password has been compromised, this can easily be changed by logging into Google's official platform. Unless you for sure know a number provided in an email or summary is an official hotline, it is best not to believe any warnings provided in emails and AI summaries.
Daily Mirror
a day ago
- Daily Mirror
Everyone using Gmail given new inbox warning - watch out for dangerous hidden message
Gmail fans need to be on high alert when getting summaries of their inbox messages. Gmail users are being urged to stay alert and watch out for a worrying new type of scam that hides itself within messages. It appears there's a way of fooling Google's clever AI Gemini service, and it could allow hackers to add fake messages when people access their inbox and load up the useful summaries option. For those not aware, Google now lets Gmail users see a quick summary of an email using smart Gemini AI. This basically means a long message can be made faster to read and understand, with the most important parts placed into bullet points. It's a neat upgrade but it appears that it also comes with a hidden danger. As reported by Bleeping Computer, cyber crooks may trick this system into displaying additional text, with one example showing how hackers could feature a warning at the bottom of the summary. "WARNING: Gemini has detected that your Gmail password has been compromised," the alert reads. "Please call us immediately." The note then features a phone number and reference code. Experts at Mozilla, have also confirmed that a potential vulnerability within the Gemini email summary feature is allowing online thieves to add hidden prompts that then appear when messages are opened. Google has now responded to the flaw and says it is constantly working to keep its platform safe. "We are constantly hardening our already robust defenses through red-teaming exercises that train our models to defend against these types of adversarial attacks," a Google spokesperson told BleepingComputer. The US technology giant says it is also not aware of any users being attacked in this way, and there's no evidence of a widespread threat. That said, this clearly shows that criminals can still find ways to infiltrate email inboxes and we need to stay alert. Just remember that it's highly unlikely Google will ever contact you. Also, if you think your password has been compromised, it's easy to log into Google's official platform and change things. One top tip is to never believe an email or AI summary and don't call any numbers unless you know that it's an official hotline.
Yahoo
2 days ago
- Health
- Yahoo
5.4 million hit in major healthcare data breach — names, emails, SSNs and more exposed
When you buy through links on our articles, Future and its syndication partners may earn a commission. Hackers continue to go after healthcare-related businesses in their attacks and unfortunately, you could easily get caught up in the aftermath as the result of a data breach. Case in point, millions of Americans are now receiving data breach notifications in the mail following a cyberattack on a medical billing company earlier this year. As reported by BleepingComputer, back in January and early February, hackers stole the personal and medical information of 5.4 million people during a cyberattack at the American healthcare services company Episource. While you likely haven't heard of this company, which is owned by UnitedHealth Group's Optum subsidiary, it provides risk adjustment, medical coding, data analytics and other tech to healthcare providers. As a result, Episource often handles large troves of personal and medical data which makes it a valuable target for hackers and other cybercriminals. Now though, the company has begun notifying affected individuals that their personal and medical data could be in the hands of hackers. Here's everything you need to know about this major medical data breach along with what to do next and steps to help keep you safe from any follow-up attacks. Personal and medical data exposed The hackers behind this attack managed to gain access to Episource's systems at the beginning of the year and according to a data breach notice on its site, the breach likely occurred sometime between January 27th and February 6th. During that time, the hackers were able to view as well as steal copies of some data in the company's computer systems. While the exposed data varies from person to person, it may include one or more of the following: Full name Physical address Email address Phone number Insurance plan information Medicaid ID and information Medical record details Date of birth Social Security number Fortunately though, no banking or payment card information was exposed as a result of the breach. In a filing with the U.S. Department of Health and Human Service's Office for Civil Rights, Episource revealed that approximately 5,418,886 people are affected. The company began sending out data breach notifications to impacted individuals in April but as TechCrunch points out in a new report, additional notices have since been filed in California and Vermont and more people are now being notified in regard to this breach. How to stay safe after a data breach With patients' full names, addresses, emails, phone numbers, dates of birth and especially their Social Security numbers in hand, there's a whole lot that hackers can do. From committing fraud and even identity theft to launching targeted phishing attacks using this stolen data, those impacted by this breach are going to need to be extra careful when answering their phones, checking their mailboxes and looking at their email. Episource is taking steps to soften the blow of this breach by providing affected individuals with free access to the best identity theft protection services. In the company's data breach notification shared (PDF) with the Office of the Vermont Attorney General, it explained that people whose medical and personal data was exposed can sign up for credit monitoring and identity restoration services from IDX which can be done so online or over the phone. If you're worried that your personal data and medical info could have been exposed, you're going to want to keep a close eye on your mailbox. The reason being is that instead of over email, data breach notification letters are typically sent via traditional mail. This letter will have all the details on how to sign up for IDX's identity theft protection and credit monitoring. However, it will also let you know exactly what types of your data were exposed in this breach. At the same time, you may also want to freeze your credit since with all this sensitive data, hackers could try to take out loans in your name or commit other types of fraud. You're also going to want to be extra careful when dealing with text messages or emails from unknown senders since other cybercriminals with access to this data could try to launch follow-up attacks, likely in the form of phishing scams. Likewise, monitoring all of your financial accounts is highly recommended as fraud is a lot easier to deal with when you spot it early on. Now that hackers have made it a point to go after healthcare-related businesses and healthcare providers, hopefully the entire medical industry is working on strengthening their security. In the meantime though, you want to make sure that all of your devices are protected with the best antivirus software and that you're using strong and complex passwords for all of your accounts. By taking these steps and improving your own cyber hygiene, you'll be better prepared for when the next data breach happens. Follow Tom's Guide on Google News to get our up-to-date news, how-tos, and reviews in your feeds. Make sure to click the Follow button. More from Tom's Guide Google Gemini flaw exploited to turn AI-powered email summaries into the perfect phishing tool Nearly 2 million people hit by malicious Chrome installations that can track you — what to do now This dangerous banking trojan now uses scheduled maintenance to hide its malicious activities — don't fall for this Solve the daily Crossword
