A malicious campaign has been observed exploiting the blockchain-based Meson service for illicit gains ahead of the crypto token unlock planned for March 15. The campaign, discovered by the Sysdig Threat Research Team (TRT), saw an attacker swiftly create 6000 Meson Network nodes using a compromised cloud account, setting off alarms for multiple AWS users […]
ReversingLabs has identified a new, malicious campaign consisting of seven different open source packages with 19 different versions on the Python Package Index (PyPI), with the oldest package dating back to December, 2022. The campaign’s goal: to steal mnemonic phrases used to recover lost or destroyed crypto wallets. This is just the latest software […]
“At the most basic level, AI has given malicious attackers superpowers,” Mackenzie Jackson, developer and security advocate at GitGuardian, told the audience last week at Bsides Zagreb. These superpowers are most evident in the growing impact of fishing, smishing and vishing attacks since the introduction of ChatGPT in November 2022. And then there are also […]
Malicious software packages are found on public software repositories such as GitHub, PyPI and the npm registry seemingly every day. Attackers use a number of tricks to fool developers or systems into downloading them, or they simply compromise the package developer’s account and update the package with malware. Consequently, the security capabilities of public software […]
Mar 04, 2024NewsroomAI Security / Vulnerability As many as 100 malicious artificial intelligence (AI)/machine learning (ML) models have been discovered in the Hugging Face platform. These include instances where loading a pickle file leads to code execution, software supply chain security firm JFrog said. “The model’s payload grants the attacker a shell on the compromised […]
The malicious packages were disguised as legitimate Python packages, and although they have been removed from PyPI, they were downloaded over 3,000 times, compromising thousands of systems.
Governance & Risk Management , Healthcare , Industry Specific HHS OCR Says a Malicious Worker Stole and Sold Patient Information in 2013 Marianne Kolbasuk McGee (HealthInfoSec) • February 6, 2024 Montefiore Medical Center in New York is paying HHS OCR $4.75 million to settle a HIPAA breach investigation. (Image: Montefiore) Federal regulators fined […]
The threat actors behind the KV-botnet made “behavioral changes” to the malicious network as U.S. law enforcement began issuing commands to neutralize the activity. KV-botnet is the name given to a network of compromised small office and home office (SOHO) routers and firewall devices across the world, with one specific cluster acting as a covert […]
Hackers will try just about anything to get you to click on a malicious link. The key is to make the overall email seem as believable as possible. The more legitimate it seems, the better. The more believable it seems, the better. The race to get end-users to click on links is on, and creative […]