Tag: incident
-
The Register: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility
Source URL: https://www.theregister.com/2024/12/16/ransomware_attacks_exploit_cleo_bug/ Source: The Register Title: Ransomware scum blow holes in Cleo software patches, Cl0p (sort of ) claims responsibility Feedly Summary: But can you really take crims at their word? Supply chain integration vendor Cleo has urged its customers to upgrade three of its products after an October patch was circumvented, leading to…
-
Hacker News: Quick takes on the recent OpenAI public incident write-up
Source URL: https://surfingcomplexity.blog/2024/12/14/quick-takes-on-the-recent-openai-public-incident-write-up/ Source: Hacker News Title: Quick takes on the recent OpenAI public incident write-up Feedly Summary: Comments AI Summary and Description: Yes **Summary:** The provided text analyzes an incident at OpenAI on December 11, highlighting a saturation problem in Kubernetes API servers that led to service failures due to the unexpected interactions of…
-
Alerts: CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update
Source URL: https://www.cisa.gov/news-events/alerts/2024/12/16/cisa-requests-public-comment-draft-national-cyber-incident-response-plan-update Source: Alerts Title: CISA Requests Public Comment for Draft National Cyber Incident Response Plan Update Feedly Summary: Today, CISA—through the Joint Cyber Defense Collaborative and in coordination with the Office of the National Cyber Director (ONCD)—released the National Cyber Incident Response Plan Update Public Comment Draft. The draft requests public comment on…
-
The Register: Are your Prometheus servers and exporters secure? Probably not
Source URL: https://www.theregister.com/2024/12/15/prometheus_servers_exporters_exposed/ Source: The Register Title: Are your Prometheus servers and exporters secure? Probably not Feedly Summary: Plus: Netscaler brute force barrage; BeyondTrust API key stolen; and more Infosec in brief There’s a problem of titanic proportions brewing for users of the Prometheus open source monitoring toolkit: hundreds of thousands of servers and exporters…
-
Slashdot: UnitedHealthcare’s Optum Left an AI Chatbot, Used By Employees To Ask Questions About Claims, Exposed To the Internet
Source URL: https://yro.slashdot.org/story/24/12/13/2042250/unitedhealthcares-optum-left-an-ai-chatbot-used-by-employees-to-ask-questions-about-claims-exposed-to-the-internet?utm_source=rss1.0mainlinkanon&utm_medium=feed Source: Slashdot Title: UnitedHealthcare’s Optum Left an AI Chatbot, Used By Employees To Ask Questions About Claims, Exposed To the Internet Feedly Summary: AI Summary and Description: Yes Summary: The text discusses a significant security oversight involving an internal AI chatbot at healthcare giant Optum, which was found to be publicly accessible,…
-
Rekt: False Prophet
Source URL: https://www.rekt.news/false-prophet Source: Rekt Title: False Prophet Feedly Summary: Alpaca Finance lost millions by allegedly using manual CoinGecko price updates instead of real oracles. When questioned, they asked “which faster oracle would you have used?" Turns out F5 isn’t a reliable price feed. Who knew? AI Summary and Description: Yes Summary: The text provides…
-
Schneier on Security: Ultralytics Supply-Chain Attack
Source URL: https://www.schneier.com/blog/archives/2024/12/ultralytics-supply-chain-attack.html Source: Schneier on Security Title: Ultralytics Supply-Chain Attack Feedly Summary: Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics —which has almost 60 million downloads—was published to the Python Package Index…