Tag: vigilance

Source URL: https://www.theregister.com/2024/12/09/security_in_brief/ Source: The Register Title: Blue Yonder ransomware termites claim credit Feedly Summary: Also: Mystery US firm compromised by Chinese hackers for months; Safe links that aren’t; Polish spy boss arrested, and more Infosec in brief Still smarting over that grocery disruption caused by a ransomware attack on supply chain SaaS vendor Blue…

Hacker News: Ultralytics AI model hijacked to infect thousands with cryptominer

Dec 7, 2024

—

by

Source URL: https://www.bleepingcomputer.com/news/security/ultralytics-ai-model-hijacked-to-infect-thousands-with-cryptominer/ Source: Hacker News Title: Ultralytics AI model hijacked to infect thousands with cryptominer Feedly Summary: Comments AI Summary and Description: Yes Summary: The Ultralytics YOLO11 AI model was compromised due to a supply chain attack that led to the deployment of cryptominers when users installed certain versions from PyPI. This incident highlights…

Hacker News: ExxonMobil’s Alleged Hack-for-Hire Campaign Targeting Climate Activists

Dec 6, 2024

—

by

Source URL: https://www.vulnu.com/p/inside-exxonmobils-alleged-hack-for-hire-campaign-targeting-climate-activists Source: Hacker News Title: ExxonMobil’s Alleged Hack-for-Hire Campaign Targeting Climate Activists Feedly Summary: Comments AI Summary and Description: Yes Summary: The text reveals alarming insights into the intersection of corporate interests and cybersecurity, showcasing a significant hack-for-hire operation backed by ExxonMobil. This operation highlights how corporate entities are increasingly leveraging advanced cyber…

The Register: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files

Dec 6, 2024

—

by

Source URL: https://www.theregister.com/2024/12/06/mitel_micollab_0day/ Source: The Register Title: PoC exploit chains Mitel MiCollab 0-day, auth-bypass bug to access sensitive files Feedly Summary: Still unpatched 100+ days later, watchTowr says A zero-day arbitrary file read vulnerability in Mitel MiCollab can be chained with a now-patched critical bug in the same platform to give attackers access to sensitive…

The Register: Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’

Dec 6, 2024

—

by

Source URL: https://www.theregister.com/2024/12/06/chinese_cyberspy_us_data/ Source: The Register Title: Microsoft: Another Chinese cyberspy crew targeting US critical orgs ‘as of yesterday’ Feedly Summary: Redmond threat intel maven talks explains this persistent pain to The Reg A Chinese government-linked group that Microsoft tracks as Storm-0227 yesterday started targeting critical infrastructures organisations and US government agencies, according to Redmond’s…

The Register: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds

—

by

Source URL: https://www.theregister.com/2024/12/05/solana_javascript_sdk_compromised/ Source: The Register Title: Solana blockchain’s popular web3.js npm package backdoored to steal keys, funds Feedly Summary: Damage likely limited to those running bots with private key access Malware-poisoned versions of the widely used JavaScript library @solana/web3.js were distributed via the npm package registry, according to an advisory issued Wednesday by project…

Cloud Blog: Moloco: 10x faster model training times with TPUs on Google Kubernetes Engine

—

by

Source URL: https://cloud.google.com/blog/products/containers-kubernetes/moloco-uses-gke-and-tpus-for-ml-workloads/ Source: Cloud Blog Title: Moloco: 10x faster model training times with TPUs on Google Kubernetes Engine Feedly Summary: In today’s congested digital landscape, businesses of all sizes face the challenge of optimizing their marketing budgets. They must find ways to stand out amid the bombardment of messages vying for potential customers’ attention.…

Alerts: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies

—

by

Source URL: https://www.cisa.gov/news-events/alerts/2024/12/05/asds-acsc-cisa-and-us-and-international-partners-release-guidance-choosing-secure-and-verifiable Source: Alerts Title: ASD’s ACSC, CISA, and US and International Partners Release Guidance on Choosing Secure and Verifiable Technologies Feedly Summary: Today, CISA—in partnership with the Australian Signals Directorate Australian Cyber Security Centre (ASD ACSC), and other international partners—released updates to a Secure by Design Alert, Choosing Secure and Verifiable Technologies. Partners…

The Register: T-Mobile US CSO: Spies jumped from one telco to another in a way ‘I’ve not seen in my career’

—

by