Archive for the ‘cybercrime/malcode’ category: Page 18

Jun 9, 2024

Thousands of companies using Ray framework exposed to cyberattacks, researchers say

Posted by in categories: cybercrime/malcode, robotics/AI

Researchers are warning that hackers are actively exploiting a disputed vulnerability in a popular open-source AI framework known as Ray.

This tool is commonly used to develop and deploy large-scale Python applications, particularly for tasks like machine learning, scientific computing and data processing.

According to Ray’s developer, Anyscale, the framework is used by major tech companies such as Uber, Amazon and OpenAI.

Jun 9, 2024

GPT-4 autonomously hacks zero-day security flaws with 53% success rate

Posted by in categories: cybercrime/malcode, robotics/AI

Researchers were able to successfully hack into more than half their test websites using autonomous teams of GPT-4 bots, co-ordinating their efforts and spawning new bots at will. And this was using previously-unknown, real-world ‘zero day’ exploits.

Jun 7, 2024

Rebranded Knight Ransomware Targeting Healthcare and Businesses Worldwide

Posted by in categories: business, cybercrime/malcode

ALERT: RansomHub, a rebranded Knight ransomware, targets healthcare and major entities.

Using legitimate remote desktop tools and recruiting from shutdown groups, it shows evolving cybercriminal tactics.

Jun 5, 2024

Russian Power Companies, IT Firms, and Govt Agencies Hit by Decoy Dog Trojan

Posted by in categories: cybercrime/malcode, energy

Russian organizations are at the receiving end of cyber attacks that have been found to deliver a Windows version of a malware called Decoy Dog.

Cybersecurity company Positive Technologies is tracking the activity cluster under the name Operation Lahat, attributing it to an advanced persistent threat (APT) group called HellHounds.

“The Hellhounds group compromises organizations they select and gain a foothold on their networks, remaining undetected for years,” security researchers Aleksandr Grigorian and Stanislav Pyzhov said. “In doing so, the group leverages primary compromise vectors, from vulnerable web services to trusted relationships.”

Jun 5, 2024

361 million stolen accounts leaked on Telegram added to HIBP

Posted by in category: cybercrime/malcode

A massive trove of 361 million email addresses from credentials stolen by password-stealing malware, in credential stuffing attacks, and from data breaches was added to the Have I Been Pwned data breach notification service, allowing anyone to check if their accounts have been compromised.

Cybersecurity researchers collected these credentials from numerous Telegram cybercrime channels, where the stolen data is commonly leaked to the channel’s users to build reputation and subscribers.

The stolen data is usually leaked as username and password combinations (usually stolen via credential stuffing attacks or data breaches), usernames and passwords along with a URL associated with them (stolen via password-stealing malware), and raw cookies (stolen via password-stealing malware).

Jun 5, 2024

A Safer Future for AI with Stronger Algorithms

Posted by in categories: cybercrime/malcode, information science, robotics/AI

AI technology is spreading quickly throughout many different industries, and its integration depends on users’ trust and safety concerns. This matter becomes complicated when the algorithms powering AI-based tools are vulnerable to cyberattacks that could have detrimental results.

Dr. David P. Woodruff from Carnegie Mellon University and Dr. Samson Zhou from Texas A&M University are working to strengthen the algorithms used by big data AI models against attacks.

Jun 4, 2024

Health records system restored after Ascension hospitals cyber attack in the Austin area

Posted by in categories: biotech/medical, cybercrime/malcode, health

Some systems are still down, but medical staff can now use the computer system for patient care after almost four weeks.

Jun 3, 2024

Hackers Targeting 1,500 Banks and Their Customers in Push To Drain Accounts Across 60 Countries: Report

Posted by in categories: cybercrime/malcode, finance, government

Black hat hackers have reportedly unleashed malicious software targeting over 1,500 banks and their customers worldwide.

Security researchers at IBM say a revamped version of the Grandoreiro banking trojan has just rolled out, enabling attackers to perform banking fraud in 60 countries.

The malware allows attackers to send email notices that appear to be urgent government requests for payments.

May 31, 2024

6 Finetuning for Classification

Posted by in categories: cybercrime/malcode, robotics/AI

V/ Sebastian Raschka.

For weekend reading:

Chapter 6 (Finetuning LLMs for Classification) of the Build an LLM from Scratch book is now finally available on the Manning website:

May 30, 2024

CISA Alerts Federal Agencies to Patch Actively Exploited Linux Kernel Flaw

Posted by in category: cybercrime/malcode

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Thursday added a security flaw impacting the Linux kernel to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation.

Tracked as CVE-2024-1086 (CVSS score: 7.8), the high-severity issue relates to a use-after-free bug in the netfilter component that permits a local attacker to elevate privileges from a regular user to root and possibly execute arbitrary code.

“Linux kernel contains a use-after-free vulnerability in the netfilter: nf_tables component that allows an attacker to achieve local privilege escalation,” CISA said.
