Category: News

  • Blind Trust in LLMs: How Hallucinated Packages Can Compromise Open-Source Projects

    Large Language Models (LLMs) have become essential tools for software developers, helping them solve complex problems and even implement entire functionalities in some cases. However, while these models can accelerate development and streamline workflows, over-reliance on them comes with its own set of risks. A well-known flaw of LLMs is their…

  • Pro-Ukraine Hackers Attack Russian Media Company on Putin’s Birthday

    Russian state media company VGTRK, which owns and operates the country’s main national TV stations, has fallen victim to a targeted cyber attack claimed by the Ukrainian government to be orchestrated by hackers based in Kyiv. The attack, which occurred on the 7th of October, caused the company’s website and…

  • Crypto Wallets Targeted Using Malicious PyPI Packages

    Bad actors have long used PyPI to distribute malicious code masquerading as legitimate utilities. Yehuda Gelb recently exposed one such operation, targeting users of prominent crypto-wallets such as Atomic, Metamask, Exodus, and many more, by uploading multiple packages within a short timeframe to the repository,…

  • Linux Printing System Vulnerabilities Lead to Remote Code Execution (RCE)

    A chain of vulnerabilities in the Common UNIX Printing System (CUPS) was recently discovered by security researcher Simone Margaritelli, allowing attackers to execute code remotely on vulnerable machines provided certain conditions are met. CUPS is the most widely used printing system on Linux and other UNIX-like operating systems. It has a…

  • Exploding Pagers and Walkie-Talkies in Lebanon – A Hacker’s Analysis

    Lebanese militant group Hezbollah has had a rough couple of days with communication devices exploding all around them. Thousands of pagers detonated simultaneously in Hezbollah strongholds on Tuesday, the 17th of September, killing 9 and injuring more than 3,000 Lebanese citizens. Among the affected were several Hezbollah fighters as well…

  • RAMBO: Stealing Secrets from Isolated Computers

    Prominent researcher Mordechai Guri of the Ben-Gurion University of the Negev, Israel, recently released a research paper detailing a new method that allows attackers to steal sensitive information from air-gapped (isolated) computers. Air-gapped systems are systems that are physically separated from external networks, including the Internet. This is achieved by keeping the…

  • Revival Hijack: A PyPI Supply Chain Attack Technique.

    Researchers at JFrog have recently discovered a PyPI supply chain attack technique being exploited in the wild, dubbed “Revival Hijack”. This technique can be used to hijack Python packages hosted on PyPI by manipulating the option to re-register (revive) their names once the owner takes them down. A package repository is a centralized…

  • Transport for London (TFL) is Dealing with an Ongoing Cyber Attack!

    London’s transport authority, Transport for London (TFL), is experiencing an ongoing cyber attack. In a statement released on its website, the TFL stated that it is currently dealing with an ongoing cybersecurity incident. TFL’s services are running as usual for now. The agency has assured its customers that it is working…

  • Airport Security Screening can be Bypassed?

    Security researchers Sam Curry and Ian Carroll discovered a vulnerability in an air transport security system which could allow unauthorized individuals to bypass airport security screenings and even gain access to flight cockpits!

  • Uber Fined 290 Million Euros for GDPR Violations

    The Dutch Data Protection Authority (DPA) has imposed a fine of 290 million euros on transport giant Uber for violations of the General Data Protection Regulation (GDPR) in Europe. Uber was found to be transferring the personal data of European taxi drivers to the United States (US) without safeguarding the data being transferred…