"Ultralytics AI library compromised:  Crypto Miner found in PyPI versions."

Views expressed in this cybersecurity, cyber crime update are those of the reporters and correspondents.  Accessed on 08 December 2024, 0018 UTC.

Content and Source compiled by https://feedly.com.  https://feedly.com/i/collection/content/user/f401222a-bca6-4c45-9cc1-183f239e8d86/category/7737d3c9-5fe2-4b34-8708-85e57085f895

Please check link or scroll down to read your selections.  Thanks for joining us today.

Russ Roberts (https://www.hawaiicybersecurityjournal.net).

Security News Bundle

55

Most popular

Ultralytics AI Library Compromised: Cryptocurrency Miner Found in PyPI Versions

6 TTPs

•

37The Hacker News / 13h

•

Ultralytics AI model compromised for cryptomining

In yet another software supply chain attack, it has come to light that two versions of a popular Python artificial intelligence (AI) library named ultralytics were compromised to deliver a cryptocurrency miner. The versions, 8.3.41 and 8.3.42, have since been removed from the Python Package Index (PyPI) repository. A subsequently released version has introduced a security fix that "ensures

5 ways to tell people what to do at work

ZDNet | Security / 12h

No one likes to work for a tyrant, but direction is important, too. Here are five ways to avoid being an ambiguous manager.

8Base ransomware group hacked Croatia’s Port of Rijeka

3 TTPs

•

Security Affairs / 4h

•

Cyberattack hits Port of Rijeka

The 8Base ransomware group attacked Croatia’s Port of Rijeka, stealing sensitive data, including contracts and accounting info. A cyber attack hit the Port of Rijeka in Croatia, the 8Base ransomware group claimed responsibility for the security breach. The Port of Rijeka (Luka Rijeka d.d.), Croatia’s largest dry cargo concessionaire, provides maritime traffic services, port operations, and cargo

Today

Get 4 free iPhone 16 Pro phones from T-Mobile with this holiday deal

ZDNet | Security / 12h

Get iPhone 16 Pro upgrades for the whole family with this T-Mobile deal.

Yesterday

Russia’s FSB used spyware against a Russian programmer

Security Affairs / 15h

after detaining him for allegedly donating to Ukraine earlier this year. The Federal Security Service (FSB) used spyware to monitor a Russian programmer, Kirill Parubets, after he was detained earlier this year for allegedly donating to Ukraine. Researchers from the First Department and the Citizen Lab discovered that the Russian intelligence agency installed the malware on the programmer’s Andr

Learn How Experts Secure Privileged Accounts—Proven PAS Strategies Webinar

24The Hacker News / 15h

Cybercriminals know that privileged accounts are the keys to your kingdom. One compromised account can lead to stolen data, disrupted operations, and massive business losses. Even top organizations struggle to secure privileged accounts. Why? Traditional Privileged Access Management (PAM) solutions often fall short, leaving: Blind spots that limit full visibility. Complex deployment processes.

Hackers Using Fake Video Conferencing Apps to Steal Web3 Professionals' Data

IoC > 1 domain

•

54The Hacker News / 15h

•

2 TTPs

•

Meeten malware targets crypto users

Cybersecurity researchers have warned of a new scam campaign that leverages fake video conferencing apps to deliver an information stealer called Realst targeting people working in Web3 under the guise of fake business meetings. "The threat actors behind the malware have set up fake companies using AI to make them increase legitimacy," Cado Security researcher Tara Gould said. "The company

Romania Cancels Presidential Election Results After Alleged Russian Meddling on TikTok

Romania faces Russian election interference

•

91The Hacker News / 15h

In a historic decision, Romania's constitutional court has annulled the result of the first round of voting in the presidential election amid allegations of Russian interference. As a result, the second round vote, which was scheduled for December 8, 2024, will no longer take place. Călin Georgescu, who won the first round, denounced the verdict as an "officialized coup" and an attack on

Romania ’s election systems hit by 85,000 attacks ahead of presidential vote

Romania cancels election after cyberattacks

•

Security Affairs / 23h

Romania ‘s election systems suffered over 85,000 attacks, with leaked credentials posted on a Russian hacker forum before the presidential election. Romania ‘s Intelligence Service revealed that over 85,000 cyberattacks targeted the country’s election systems. Threat actors gained access to credentials for election-related websites, and then leaked them on Russian cybercrime forums a few days bef

Micropatchers share 1-instruction fix for NTLM hash leak flaw in Windows 7+

2 TTPs

•

The Register – Security / 1d

Microsoft's OS sure loves throwing your creds at remote systems Updated Acros Security claims to have found an unpatched bug in Microsoft Windows 7 and onward that can be exploited to steal users' OS account credentials.…

Facing sale or ban, TikTok tossed under national security bus by appeals court

TikTok must sell or face ban

•

The Register – Security / 1d

Video slinger looks to Supremes for salvation, though anything could happen under Trump A US federal appeals court has rejected a challenge to the law that prevents popular apps that collect data on Americans from being controlled by a foreign adversary.…

This $45 foldable keyboard is a game-changer for working professionals on the move

ZDNet | Security / 1d

Plugable's Folding Keyboard is an impressive tablet accessory for writers. It delivers a good typing feel and versatility. However, it is missing some notable features.

Texas Teen Arrested for Scattered Spider Telecom Hacks

California teen linked to Scattered Spider

•

Dark Reading / 1d

An FBI operation nabbed a member of the infamous cybercrime group, who is spilling the tea on 'key Scattered Spider members' and their tactics.

I found a laptop for creators that rivals the 16-inch MacBook Pro, but it costs half the price

ZDNet | Security / 1d

The ProArt P16 is a robust creators' laptop that exudes power, but its potential is unlocked in the hands of an engaged power user.

Microsoft Expands Access to Windows Recall AI Feature

Dark Reading / 1d

The activity-recording capability has drawn concerns from the security community and privacy experts, but the tech giant is being measured in its gradual rollout, which is still in preview mode.

New Atrium Health data breach impacts 585,000 individuals

Atrium Health data breach apology

•

Security Affairs / 1d

Atrium Health disclosed a data breach affecting 585,000 individuals to the HHS, potentially linked to the use of online tracking tools. Healthcare company Atrium Health disclosed a data breach that impacted 585,000 individuals. The company notified the US Department of Health and Human Services (HHS). Atrium Health launched an investigation into the security breach and discovered that from Januar

Traveling with multiple cables gives me a headache. This tiny gadget solved that problem

ZDNet | Security / 1d

Twelve South's ButterFly SE is an ultra-portable 2-in-1 magnetic charging station that powers mixed-port devices in one place.

How to get your Apple devices ready for the last big OS update of 2024

ZDNet | Security / 1d

Every device except one is getting updated to 18.2 next week, so review our tips and tricks for ensuring as smooth an update as possible.

The next LTS Linux kernel is no surprise but it is packed with goodies

Alpine Linux 3.21 released with updates

•

ZDNet | Security / 1d

Linux 6.12 brings real-time support, a new extensible scheduler, and QR error codes.

Want analytics for your Threads posts? Meta is testing the feature now

Bluesky gains traction as Threads updates

•

ZDNet | Security / 1d

In its ongoing rivalry with Bluesky to attract X defectors, Meta is testing a feature that brands and creators have been clamoring for.

Microsoft expands Recall preview to Intel and AMD Copilot+ PCs

Recall AI expands to more PCs

•

300+BleepingComputer / 1d

​Microsoft is now testing its AI-powered Recall feature on AMD and Intel-powered Copilot+ PCs enrolled in the Windows 11 Insider program. [...]

Ultralytics AI model hijacked to infect thousands with cryptominer

IoC > 1 domain

•

22BleepingComputer / 1d

•

Ultralytics AI model compromised for cryptomining

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI) [...]

Salt Typhoon forces FCC's hand on making telcos secure their networks

FCC proposes cybersecurity rules after hack

•

The Register – Security / 1d

Proposal pushes stricter infosec safeguards after Chinese state baddies expose vulns The head of America's Federal Communications Commission (FCC) wants to force telecoms operators to tighten network security in the wake of the Salt Typhoon revelations, and to submit an annual report detailing measures taken.…

Google uses your personal info to tailor search results. Here's how to stop it

Google simplifies turning off personalization

•

ZDNet | Security / 1d

Personalized search results seem to be on the rise. If you're concerned about privacy, you can turn it off - for a single search, or for good.

Do wind power generators actually work at home? I tested one, and the results blew me away

36ZDNet | Security / 1d

Solar generators are all the rage, but what do you do when the clouds roll in? This gadget will keep your power running.

Blue Yonder SaaS giant breached by Termite ransomware gang

Blue Yonder suffers ransomware attack

•

33BleepingComputer / 1d

​The Termite ransomware gang has officially claimed responsibility for the November breach of software as a service (SaaS) provider Blue Yonder. [...]

New Windows zero-day exposes NTLM credentials, gets unofficial patch

9 TTPs

•

100+BleepingComputer / 1d

A new zero-day vulnerability has been discovered that allows attackers to capture NTLM credentials by simply tricking the target into viewing a malicious file in Windows Explorer. [...]

FSB Uses Trojan App to Monitor Russian Programmer Accused of Supporting Ukraine

5 TTPs

•

35The Hacker News / 1d

•

FSB uses Monokle spyware on activists

A Russian programmer accused of donating money to Ukraine had his Android device secretly implanted with spyware by the Federal Security Service (FSB) after he was detained earlier this year. The findings come as part of a collaborative investigation by First Department and the University of Toronto's Citizen Lab. "The spyware placed on his device allows the operator to track a target device's

Crypto-stealing malware posing as a meeting app targets Web3 pros

IoC > 1 domain

•

32BleepingComputer / 1d

•

14 TTPs

•

Meeten malware targets crypto users

Cybercriminals are targeting people working in Web3 with fake business meetings using a fraudulent video conferencing platform that infects Windows and Macs with crypto-stealing malware. [...]

Google just gave older Pixel phones a free software upgrade that you once could only wish for

Google Pixel phones show temperature

•

ZDNet | Security / 1d

The company has officially extended the software support policy around its older Pixel phones, including some fan favorites.

Why SOC Roles Need to Evolve to Attract a New Generation

Dark Reading / 1d

The cybersecurity industry faces a growing crisis in attracting and retaining SOC analysts.

Open Source Security Priorities Get a Reshuffle

Census III reveals FOSS usage trends

•

Dark Reading / 1d

The "Census of Free and Open Source Software" report, which identifies the most critical software projects, sees more cloud infrastructure and Python software designated as critical software components.

Archcraft is a solid, super fast distro for anyone ready to move beyond beginner Linux

ZDNet | Security / 1d

I spent a week with the distribution and found it to be a lot of fun to use. Here's what to know about it before you dive in.

Google Photos unveils its 'Spotify Wrapped' style end-of-year recap. How to access it

Google Photos introduces 2024 Recap

•

ZDNet | Security / 1d

Your camera roll says a lot about your year, and Google Photos is now helping you revisit those memories (for better or worse).

My 4 favorite open-source apps for personal finance - that run on Linux, MacOS, and Windows

ZDNet | Security / 1d

Want to manage your finances in a dedicated money app? These open-source options are some of the most popular - and for good reason.

Can data embassies make cross-border AI safer?

ZDNet | Security / 1d

Inconsistent data laws across the world are pushing organizations to think of diplomatic privacy solutions.

In Other News: Cloudflare Abuse, UK and EU Cybersecurity Reports, FBI Gen-AI Alert

SecurityWeek / 1d

Noteworthy stories that might have slipped under the radar: ENISA and NCSC release cybersecurity reports, abuse of Cloudflare services, FBI warns of gen-AI enabling fraud. The post appeared first on SecurityWeek .

Ethyca Raises $10 Million for Data Privacy Platform

Ethyca raises 10M funding

•

SecurityWeek / 1d

Data privacy solutions provider Ethyca has raised $10 million in a funding round led by Aspenwood Ventures and AVP. The post appeared first on SecurityWeek .

U.S. CISA adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog

CVE-2024-51378

•

Security Affairs / 1d

U.S. Cybersecurity and Infrastructure Security Agency (CISA) adds CyberPanel flaw to its Known Exploited Vulnerabilities catalog. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) added the CyberPanel flaw CVE-2024-51378 (CVSS score: 10.0) to its Known Exploited Vulnerabilities (KEV) catalog . The getresetstatus vulnerability in CyberPanel (before commit 1c0c6cb ) affects dns/views

Badass Russian techie outsmarts FSB, flees Putinland all while being tracked with spyware

Russian techie escapes FSB spyware

•

20The Register – Security / 1d

Threatened with life in prison, Kyiv charity worker gives middle finger to state spies A Russian programmer defied the Federal Security Service (FSB) by publicizing the fact his phone was infected with spyware after being confiscated by authorities.…

SonicWall Patches 6 Vulnerabilities in Secure Access Gateway

2 TTPs

•

SecurityWeek / 1d

SonicWall has released patches for multiple high-severity flaws in the SMA100 SSL-VPN secure access gateway. The post appeared first on SecurityWeek .

Researchers Uncover Flaws in Popular Open-Source Machine Learning Frameworks

3 TTPs

•

25The Hacker News / 1d

Cybersecurity researchers have disclosed multiple security flaws impacting open-source machine learning (ML) tools and frameworks such as MLflow, H2O, PyTorch, and MLeap that could pave the way for code execution. The vulnerabilities, discovered by JFrog, are part of a broader collection of 22 security shortcomings the supply chain security company first disclosed last month. Unlike the first

Conquering the Complexities of Modern BCDR

26The Hacker News / 1d

The modern business landscape is thrilling yet daunting. Rapidly evolving technology, persistent cyberthreats and escalating operational complexities make data protection and seamless business continuity challenging for