In a recent incident, a malicious package called “oscompatible” was uploaded to the npm registry. The package was found to contain a sophisticated remote access trojan for Windows machines.
The new campaign by TA866 involved a large volume of emails with attached PDFs containing OneDrive URLs that initiated a multi-step infection chain leading to malware payload.
Attackers are using off-the-shelf images from Dockerhub to spread malware, with the 9Hits app visiting various websites and the XMRig miner disabled from visiting crypto-related sites to prevent analysis.
Continuous integration and delivery misconfigurations in TensorFlow could have been exploited for supply chain attacks, allowing malicious code injection and compromise of GitHub and PyPi releases.
Cyberattacks are the leading cause of technology outages for 40% of organizations, emphasizing the need for comprehensive disaster preparation beyond just cybersecurity measures, according to Veeam.
The vulnerability affects various GPU products, with AMD and Apple planning mitigations, and Imagination and Qualcomm issuing fixes. Nvidia and Arm are reportedly unaffected.
OpenAI is taking steps to prevent the use of ChatGPT in spreading election misinformation, including restricting its use for political campaigning and lobbying, and creating tools to empower voters to assess the authenticity of images.
Switzerland’s National Cyber Security Centre promptly detected and responded to the DDoS attacks, restoring access to the targeted websites, including the Davos-Klosters ski resort and Swiss Ministry of the Interior.
The cybersecurity industry is facing increasing legal oversight and consequences, making it riskier to work in this field. Companies are now required to disclose “material” security incidents within four working days to the SEC.
Foxsemicon, a major semiconductor manufacturer in Taiwan, was targeted by the LockBit ransomware gang, who threatened to leak customers’ personal data if a ransom was not paid.