Security and FUD Leftovers
-
Fortinet Releases Security Updates for FortiADC | CISA [Ed: Security of proprietary software is elusive and illusionary]
Fortinet has released a security advisory to address a vulnerability in multiple versions of FortiADC. This vulnerability may allow a remote attacker “to execute unauthorized code or commands via specifically crafted HTTP requests.”
-
Documents released by hackers suggest Lukashenko may not have taken PCR tests before meetings with Putin — Meduza
A group of Belarusian hackers claiming to have gained access to a database belonging to their country's presidential medical center have released what they say are the results of PCR tests taken by President Alexander Lukashenko and his son Nikolai.
-
PyTorch suffers supply chain attack via dependency confusion [Ed: Spinners try to portray Microsoft as the solution]
Users who deployed the nightly builds of PyTorch between Christmas and New Year's Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps are not taken.
[...]
Exploiting the automated logic in package managers that decides which package version should be downloaded and from where is not new. This is an attack technique known as dependency confusion that was first disclosed by security researcher Alex Birsan in 2021 and impacts not just pip and PyPI, but also npm and potentially other package managers.
-
Popular machine learning framework PyTorch compromised with malicious dependency
The PyTorch team warned users who installed the nightly version of PyTorch on Linux via pip between Dec. 25 and Dec. 30, 2022, to uninstall and download the latest version.
“PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python Package Index (PyPI) code repository and ran a malicious binary,” the PyTorch team noted in a statement on Dec. 31, 2022.
-
Another Orchestrated Attack: How Do I Protect Myself? | SUSE Communities
Criminal groups are always trying to make money by taking advantage of software vulnerabilities.
-
New SHC-compiled Linux malware installs cryptominers, DDoS bots [Ed: This Microsoft-connected site neglects to say this impacts already-compromised "Linux" machines; this makes things sound a lot worse than they are]
According to ASEC researchers, who discovered the attack, the SHC loader was uploaded to VirusTotal by Korean users, with attacks generally focused on Linux systems in the same country.
-
Endpoint Security Solutions for the Growing Threat Landscape [Ed: BlackBerry became a patent troll and, failing that, it is now trying to rebrand as some kind of security outfit by spreading FUD (mentions "Linux")]