Cybersecurity

9989 readers

3 users here now

c/cybersecurity is a community centered on the cybersecurity and information security profession. You can come here to discuss news, post something interesting, or just chat with others.

THE RULES

Instance Rules

Be respectful. Everyone should feel welcome here.
No bigotry - including racism, sexism, ableism, homophobia, transphobia, or xenophobia.
No Ads / Spamming.
No pornography.

Community Rules

Idk, keep it semi-professional?
Nothing illegal. We're all ethical here.
Rules will be added/redefined as necessary.

If you ask someone to hack your "friends" socials you're just going to get banned so don't do that.

Learn about hacking

Hack the Box

Try Hack Me

Pico Capture the flag

Other security-related communities !databreaches@lemmy.zip !netsec@lemmy.world !securitynews@infosec.pub !cybersecurity@infosec.pub !pulse_of_truth@infosec.pub

Notable mention to !cybersecuritymemes@lemmy.world

founded 2 years ago

MODERATORS

kid@sh.itjust.works

Lanky_Pomegranate530@midwest.social

PleaseFix Flaw Lets Hackers Access 1Password Vault via Comet AI Browser (hackread.com)

submitted 2 months ago by kid@sh.itjust.works to c/cybersecurity@sh.itjust.works

3 comments fedilink hide all child comments

top 3 comments

sorted by: hot top controversial new old

[–] floofloof@lemmy.ca 0 points 2 months ago

Since Comet is integrated with 1Password, the hijacked AI could be steered to open the user’s unlocked vault. Using instructions hidden in English and Hebrew to evade detection, the AI could search for credentials or even change the master password. This resulted in a full account takeover, giving the attacker unrestricted access to the user’s passwords.

Just say no to AI assistants in your browser and OS.

[–] TrickDacy@lemmy.world 0 points 2 months ago (1 children)

Whew. Very glad to see this was not a general vulnerability in 1password. That would be bad.

[–] Pirat@lemmy.org 0 points 2 months ago

Upvoted purely for the username.