So, I requested a copy of a recent MRI from Kaiser-Permanente. They sent it to me on a CD-ROM and as I always do, I checked everything on there for viruses and got an all-time record for amount of malware. 7 total trojans and what not from just one of the files.
Something tells me Kaiser is next to get ransomwared, honest to gerd.
L’ #informatica sta completamente esplodendo nell’ultima settimana… ciò è molto buffo, ma anche #preoccupante. E siamo appena a sabato mattina… c’è tutto il tempo per far andare storto anche qualcos’altro! Siamo messi veramente di cacca. 😬️
Prima è uscito fuori un #bug che colpisce tutte le CPU Apple Silicon, simile a cosa fu Spectre anni fa, quindi ovviamente #hardware, e chissà se sarà o meno patchabile via software in realtà in futuro (ma in tal caso, il vostro bel #computer con la mela girerà 3 volte peggio, soldi buttati). Fanno proprio schifo ‘sti #processori#moderni, tutti indistintamente, finiscono sempre per avere una caterva di #falle strane perché implementano #hack bruttissime a livello di progettazione per girare più veloci… dovremmo tornare onestamente al 6502. Il sito ufficiale è https://gofetch.fail, e #LowLevelLearning ha ovviamente parlato della cosa: https://youtube.com/watch?v=-D1gf3omRnw 🍎️
Poi una #falla di incremento dei privilegi a livello kernel in #Linux… è complicatissimo, ma un #ProofOfConceptè stato pubblicato qui (assieme al #writeup), e in pratica si può sfruttare un #problemino nello stack di rete per diventare #root… mi chiedo se si potrà magari utilizzare per rootare sistemi embedded ristretti (telefonini coff coff, ma non solo), anche se dice di colpire tra v5.14 e v6.6 quindi non ho molte speranze. Qui un #video se vi interessa comprendere il #glitch in modo umano: https://youtube.com/watch?v=ixn5OygxBY4 💣️
E infine, #notizia di ieri, cosa estremamente grave perché è stata fatta apposta, è stata inserita una #backdoor nella libreria di compressione #XZ. Lo ha scoperto un certo #AndresFreund, che non è un ricercatore di #sicurezza, ma era semplicemente diventato estremamente salty dopo aver visto che i suoi login ad SSH facevano schizzare alle stelle l’uso di risorse del sistema, oltre ad essere stranamente più lenti. Quindi ha scavato un po’, pensando ci fosse qualche #problema benigno, ma in realtà ha scoperto che qualche stronzo ha inserito #malware nel processo di build della libreria, nascondendolo tra le cose relative al testing. Mi sarebbe piaciuto navigare tra #issue e pull request per vedere l’utente che ha mandato ‘sta merda al progetto, ma GitHub come al solito si dimostra la piattaforma di condivisione di codice più stupida al mondo, e ha sospeso tutte le repo per “violazione dei Termini di Servizio”… razza di scimmie imbananate che non siete altro, ma credete davvero che i mantenitori di #Tukaani abbiano fatto entrare codice malevolo nelle loro repo consapevolmente? È ovvio che nessuno se n’è accorto, che bisogno c’è di punire chi non ha colpa allora? (Tra l’altro, il loro sito era ospitato lì, quindi ora manco quello è più online… almeno hanno un mirror Git, ma è solo source lì). Mi piacerebbe proprio tanto fare una chiacchierata con il vero colpevole, e di persona, sia ben chiaro, non dietro una tastiera dove questo si crederebbe ovviamente Dio… “eh ma io so fare gli exploit io so programmare meglio di te io io” sei un coglione, questo sei se fai queste cose, scommetto che non riusciresti nemmeno a parlare faccia a faccia. Persino io con le mie manie di protagonismo non mi sognerei mai di fare qualcosa per garantirmi una backdoor nei server #SSH di tutto il mondo, e che cazzo… 💀️
#AI#GenerativeAI#Cybersecurity#Chatbots#SoftwareDevelopment#Programming#Malware: "As Lanyado noted previously, a miscreant might use an AI-invented name for a malicious package uploaded to some repository in the hope others might download the malware. But for this to be a meaningful attack vector, AI models would need to repeatedly recommend the co-opted name.
That's what Lanyado set out to test. Armed with thousands of "how to" questions, he queried four AI models (GPT-3.5-Turbo, GPT-4, Gemini Pro aka Bard, and Command [Cohere]) regarding programming challenges in five different programming languages/runtimes (Python, Node.js, Go, .Net, and Ruby), each of which has its own packaging system.
It turns out a portion of the names these chatbots pull out of thin air are persistent, some across different models. And persistence – the repetition of the fake name – is the key to turning AI whimsy into a functional attack. The attacker needs the AI model to repeat the names of hallucinated packages in its responses to users for malware created under those names to be sought and downloaded.
Lanyado chose 20 questions at random for zero-shot hallucinations, and posed them 100 times to each model. His goal was to assess how often the hallucinated package name remained the same. The results of his test reveal that names are persistent often enough for this to be a functional attack vector, though not all the time, and in some packaging ecosystems more than others.
With GPT-4, 24.2 percent of question responses produced hallucinated packages, of which 19.6 percent were repetitive, according to Lanyado. A table provided to The Register, below, shows a more detailed breakdown of GPT-4 responses."
The Python Package Index (PyPI) repository experienced a malware upload attack, forcing maintainers to suspend new project creation and user registration to mitigate the threat. This incident involved malicious Python packages, likely uploaded using typo-squatting techniques, designed to steal sensitive information and credentials. The malware also included a persistence mechanism to remain active on compromised systems.
US offers $10 million bounty for info on 'Blackcat' hackers who hit UnitedHealth
The U.S. State Department on Wednesday offered up to $10 million for information on the "Blackcat" ransomware gang who hit the UnitedHealth Group's tech unit and snarled insurance payments across America.
Unpatchable security flaw in Apple Silicon Macs breaks encryption
'University researchers have found an unpatchable security flaw in Apple Silicon Macs, which would allow an attacker to break encryption and get access to cryptographic keys.
The flaw is present in M1, M2, and M3 chips, and because the failing is part of the architecture of the chips, there’s no way for Apple to fix it in current devices …'
There’s a Bing ding dong, after Microsoft over-enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. Yes, it’s a new “Smashing Security” podcast with me and Carole Theriault.
Thanks to Kolide by 1Password, Vanta, and Kiteworks for supporting this episode!
#EU#Cybersecurity#Spyware#Surveillance#Malware#Pegasus: "Now, when push has come to shove, policymakers at the European Union (EU) must act to ban spyware in Europe. Yesterday, the media reported a major attack on EU democracy with members of the European Parliament Defense Committee being the target of phone hacking. Intrusions of this kind pose a threat to democracy by interfering with electoral and decision-making processes and undermining the integrity of the public debate.
But such intrusions into privacy are nothing new. Journalists, human rights defenders and activists have been targeted for years by states with surveillance malware like Pegasus. Our democracies hinge on EU policymakers’ responsibility to create a protective EU-wide framework against spyware. With the 2024 elections approaching, will the EU politicians make the obvious choice of putting the safety of people and the integrity of our democracy first by banning spyware?" https://edri.org/our-work/press-release-brussels-rocked-by-major-spyware-scandal-urgent-call-for-ban/
Personal data and customer information may have been stolen from Japanese tech giant Fujitsu after it reported a cyberattack. The company is currently investigating how its network was compromised by malware.
Apple chwali się, jak szczelny jest App Store pod kątem niedopuszczania do systemowego sklepu z aplikacjami tych, które służą oszustwom. No nie do końca, co pokazuje przykład scamerskiego portfela bitcoinów.
Na moich oczach z kont zostało pobranych 150 tys. USD po tym, jak wprowadziłem swoją frazę seed do tej fałszywej aplikacji z Apple Store. Nie mogę uwierzyć, że Apple pozwala na takie aplikacje w swoim App Store!d
Firma stojąca za nią nimi jest zarejestrowana w Nowej Zelandii, w przypadkowym Airbnb.
Cele atakujących są osoby przesiadające się z Androida na iOS (tzw. switcherzy). Po przeniesieniu wszystkich aplikacji chcą oni przenieść także swoje bitcoiny z androidowego portfela na jakiś odpowiednik w iOS.
Wpisałem frazę „portfel bitcoin” w Apple App Store, zainstalowałem pierwszą aplikację, którą zobaczyłem (wyglądała legalnie), przelałem bitcoiny i natychmiast zostały one wysłane donikąd. Okazuje się, że ta aplikacja została wcześniej zgłoszona co najmniej 12 dni temu jako oszustwo!
– relacjonuje kolejny poszkodowany. Mowa o zgłoszeniu na tym Reddit. Apple przez 12 dni zatem nic z tym zgłoszeniem nie zrobiło, a aplikacja wyświetlana jest (nadal!) jako pierwsza rekomendacja. Wyprzedzając inne, dobrze znane na rynku krypto portfele, jak binance, blockchain.com i coinbase.
Chętnie przeczytałbym komentarz Apple w tej sprawie.
Ne du, so was wie #DuckDuckGo, #StartPage & #Ecosia liefern Daten ihrer Crawler wie #Bing (M$) und/oder #Google. Pseudonymisiert ist nicht anonym, denn die sind vertraglich dazu verpflichtet.
🧵…siehe in den obigen Toots/Posts weshalb ich Google schon länger nicht mehr nutze und deswegen welche Alternativen ich im #Internet gebrauche und empfehle.
«Googles neue KI-Suchergebnisse promoten Scam und Malware:
Google ergänzt seine #Suche'rgebnisse jüngst mit #KI-generierten Inhalten wie Zusammenfassungen. Jetzt mehren sich die Warnungen, dass über dieses System auch #Scam und #Malware beworben werden. Der KI-Suchalgorithmen von #Google scheinen unterwandert.»