Quotidien Shaarli

TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)  

Key findings from our analysis include:

Advanced Surveillance Capabilities:

• Utilizes technologies like WebRTC for real-time audio and video streaming.
• Abuses Accessibility Services to intercept user interactions.

Comprehensive Data Exfiltration:

• Collects and transmits a wide range of personal data, including messages, call logs, and location information.

Persistence Mechanisms:

• Employs techniques to remain active on the device, such as auto-start on boot and misuse of device administrator privileges.

Abuse of Legitimate Services:

• Utilizes Firebase Cloud Messaging to establish command and control channels, disguising its communications as legitimate traffic.

Indicators of Compromise (IoCs):

• Identified specific URLs, IP addresses, file hashes, and other artifacts associated with Celular 007.

Need for Collective Protection:

• Highlights the importance of collective defense strategies and community awareness to combat such invasive tools.

Cette décision est prise au lendemain de la déclassification de documents du renseignement national faisant état d’une opération d’envergure sur TikTok en faveur du candidat prorusse, Calin Georgescu, arrivé en tête du premier tour de l’élection présidentielle, à la surprise générale.

Le groupe Vidymed, avec 100'000 consultations annuelles, fait face à une cyberattaque. Les autorités vaudoises sont mobilisées pour contenir l'incident. L'ampleur et les conséquences de l'attaque sont en cours d'évaluation.

A recent, alleged Baltic Sea sabotage highlights the system’s fragility