TL;DR: zizmor would have caught the vulnerability that caused this…mostly. Read on for details.
The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)
Key findings from our analysis include:
Advanced Surveillance Capabilities:
Comprehensive Data Exfiltration:
Persistence Mechanisms:
Abuse of Legitimate Services:
Indicators of Compromise (IoCs):
Need for Collective Protection:
Cette décision est prise au lendemain de la déclassification de documents du renseignement national faisant état d’une opération d’envergure sur TikTok en faveur du candidat prorusse, Calin Georgescu, arrivé en tête du premier tour de l’élection présidentielle, à la surprise générale.
Le groupe Vidymed, avec 100'000 consultations annuelles, fait face à une cyberattaque. Les autorités vaudoises sont mobilisées pour contenir l'incident. L'ampleur et les conséquences de l'attaque sont en cours d'évaluation.
A recent, alleged Baltic Sea sabotage highlights the system’s fragility
Veeam released security updates today to address two Service Provider Console (VSPC) vulnerabilities, including a critical remote code execution (RCE) discovered during internal testing.
VSPC, described by the company as a remote-managed BaaS (Backend as a Service) and DRaaS (Disaster Recovery as a Service) platform, is used by service providers to monitor the health and security of customer backups, as well as manage their Veeam-protected virtual, Microsoft 365, and public cloud workloads.
Cisco on Dec. 2 updated an advisory from March 18 about a 10-year-old vulnerability in the WebVPN login page of Cisco’s Adaptive Security Appliance (ASA) software that could let an unauthenticated remote attacker conduct a cross-site scripting (XSS) attack.
In its recent update, the Cisco Product Security Incident Response Team (PSIRT) said it became aware of additional attempted exploitation of this vulnerability in the wild last month.
Afin de renforcer la solidarité et les capacités dans l'UE en matière de détection, de préparation et de réaction face aux menaces et incidents de cybersécurité, le Conseil a adopté ce jour deux nouveaux actes législatifs dans le cadre du "paquet" législatif sur la cybersécurité, à savoir le "règlement sur la cybersolidarité" et une modification ciblée du règlement sur la cybersécurité.
Cloudflare's 'pages.dev' and 'workers.dev' domains, used for deploying web pages and facilitating serverless computing, are being increasingly abused by cybercriminals for phishing and other malicious activities.
BT Group (formerly British Telecom)'s Conferencing division shut down some of its servers following a Black Basta ransomware attack.
Senators briefed on the wide-ranging breaches by Chinese hackers called for action on Wednesday to protect the country's telecommunications networks.
We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed. We uncover macOS lateral movement tactics, such as SSH key misuse and AppleScript exploitation. Strategies to counter this attack trend are also discussed.
The scourge of “malvertising” is nothing new, but the tactic is still so effective that it's contributing to the rise of investment scams and the spread of new strains of malware.
iVerify’s Mobile Threat Hunting finds Pegasus spyware is more prevalent and capable of infecting a wide range of devices, not just devices of high-risk users.
Un rapport longtemps tenu secret ne présente pas le Service de renseignement de la Confédération sous un jour favorable. Les espions suisses ont agi de manière illégale et très peu professionnelle: pendant des années, ils ont traqué des hackers sans autorisation.
The FBI is warning the public that criminals exploit generative artificial intelligence (AI) to commit fraud on a larger scale which increases the believability of their schemes. Generative AI reduces the time and effort criminals must expend to deceive their targets. Generative AI takes what it has learned from examples input by a user and synthesizes something entirely new based on that information. These tools assist with content creation and can correct for human errors that might otherwise serve as warning signs of fraud. The creation or distribution of synthetic content is not inherently illegal; however, synthetic content can be used to facilitate crimes, such as fraud and extortion.1 Since it can be difficult to identify when content is AI-generated, the FBI is providing the following examples of how criminals may use generative AI in their fraud schemes to increase public recognition and scrutiny.
An international law enforcement operation codenamed 'Operation Passionflower' has shut down MATRIX, an encrypted messaging platform used by cybercriminals to coordinate illegal activities while evading police.
CVE-2024-1212 is an unauthenticated command injection found in Progress Kemp LoadMaster load balancer's administrator web interface by Rhino Security Labs.
Our researchers discovered a previously unknown vulnerability on Windows Server 2012 and Server 2012 R2 that allows an attacker to bypass a ...
The former head of Poland’s internal security agency Piotr Pogonowski was forced to appear in front of a parliamentary committee investigating the alleged abuse of Pegasus spyware in the country.
The company, ENGlobal Corporation, has restricted employee access to its IT system, limiting it to only essential business operations.
Amazon has launched AWS Security Incident Response, a service to help triage and respond to cybersecurity threats.
A researcher has discovered a data broker had stored 644,869 PDF files in a publicly accessible cloud storage container.
On Friday, the United Nations Agency for Digital Technologies said it is partnering with the International Telecommunication Union (ITU) and International Cable Protection Committee (ICPC) to create the International Advisory Body for Submarine Cable Resilience.
