Hundreds of Clusters Attacked Due to Unpatched Flaw in Ray AI Framework
Thousands of servers running AI workloads are under attack by threat actors exploiting an unpatched vulnerability in the open-source Ray AI framework – widely used by such companies as OpenAI, Uber, Amazon, Netflix, and Cohere – giving hackers entrée to huge amounts of data and compute power. The campaign has ... Read More
Revealed: Facebook’s “Incredibly Aggressive” Alleged Theft of Snapchat App Data
Richi Jennings | | Brian J. Dunne, class action, class action lawsuit, DeleteFacebook, facebook, facebook fine, free vpn app, Ghostbusters, IAPP, Man In The Middle, man in the middle attack, man in the middle attacks, Mark Zuckerberg, Meta, mitm, MitM Attack, mitm attacks, mitm tool, mitm tools, Onavo, Onavo VPN, SB Blogwatch, Snapchat, SSL Bump, VPNMeta MITM IAAP SSL bump: Zuck ordered “Project Ghostbusters”—with criminal consequences, says class action lawsuit ... Read More
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts ... Read More
Telegram Privacy Nightmare: Don’t Opt In to P2PL
Richi Jennings | | 2-step verification, 2fa, 2FA apps, 2FA bypass, 2FA Flaws, 2FA/MFA, Access control and Identity Management, Cloud MFA, digital identity verification, iam, ID verification, MFA, mfa login, mfasecurity, Multi-Factor Authentication (MFA), P2P, SB Blogwatch, SMS, SMS messages, SMS Toll Fraud, Telegram, Telegram app, two-factor-authentication.2fa, Verify 2FAScary SMS shenanigans: Avoid Telegram’s new “Peer-To-Peer Login” program if you value your privacy or your cellular service ... Read More
China Steals Defense Secrets ‘on Industrial Scale’
Richi Jennings | | china, china espionage, China-linked Hackers, Chinese, Chinese Communists, chinese government, chinese hacker, Chinese hackers, Chinese Intelligence, Chinese state-sponsored hacking group, Chinese Threat Actors, ConnectWise, ConnectWise Vulnerabilities, CVE-2022-0185, CVE-2022-3052, CVE-2023-22518, CVE-2024-1709, Data Stolen By China, Dawn Calvary, f5, F5 BIG-IP, F5 BIG-IP vulnerability, Genesis Day, gov.uk, Mandiant, MSS, MSS Hackers, Peoples Republic of China, PRC, PRC Espionage, SB Blogwatch, ScreenConnect, Teng Snake, uk, UNC302, UNC5174, Uteus, XiaoqiyingUNC5174 ❤ UNC302: CVSS 10 and 9.8 vulnerabilities exploited by Chinese threat actor for People’s Republic ... Read More
Tax Scams Ramping Up as the April 15 Deadline Approaches
With the IRS deadline only weeks away, businesses and individuals are racing to get their taxes filed, and bad actors are doing what they can to keep pace with them. Both Microsoft and Malwarebytes in recent days have outlined various scams being used to steal sensitive information, drop malicious payloads, ... Read More
Apple M-Series FAIL: GoFetch Flaw Finds Crypto Keys
Richi Jennings | | Apple, apple bug, Apple Data Security, apple hack, apple hacker, Apple iOS, Apple iPad, ARM, cache, dmp, GoFetch, iPad, M1, M2, M3, Macintosh, macos, SB BlogwatchGoFAIL: Researchers worm their way into broken cache-filling microcode in most Macs and iPads ... Read More
CISA, NSA, Others Outline Security Steps Against Volt Typhoon
Top cybersecurity agencies in the United States and other countries are again warning critical infrastructure companies about the “urgent risk” posed by Chinese state-sponsored threat group Volt Typhoon and are recommending steps to harden their protections. The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and the FBI ... Read More
Sentry, GitHub Use AI to Help Fix Coding Errors
Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature that uses company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging ... Read More
EPA and White House Raise Alarm on Water Cybersecurity
Richi Jennings | | Critical Infrastructure, critical infrastructure assets, critical infrastructure attack, Critical Infrastructure Cyber security, Critical Infrastructure Cybersecurity, Drinking Water, Environmental Protection Agency, EPA, ICS, operational technologies, OT, public water systems, SB Blogwatch, wastewater, water, water distribution systems, Water industry, water infrastructure, White HouseIran and China fingered: Biden admin. chides governors: Water infra. lacks “even basic cybersecurity precautions.” ... Read More
