Users who deployed the nightly builds of PyTorch between Christmas and New Year’s Eve likely received a rogue package as part of the installation that siphoned off sensitive data from their systems. The incident was the result of an attack called dependency confusion that continues to impact package managers and development environments if hardening steps […]
Cyber News, Cyber Threat TrendsAn API, or Application Programming Interface, is a set of rules and protocols that specifies how software programs should interact with each other. The post Explaining API appeared first on .
Cyber News, Cyber Threat Trends
The ransomware ecosystem has changed significantly in 2022, with attackers shifting from large groups that dominated the landscape toward smaller ransomware-as-a-service (RaaS) operations in search of more flexibility and drawing less attention from law enforcement. This democratization of ransomware is bad news for organizations because it also brought in a diversification of tactics, techniques, and […]
Cyber News, Cyber Threat Trends
Considering the threat model and attack surface This is a continuation of my series on Automating Cybersecurity Metrics. Very happy to get back to my security metrics automation series in 2023 and a bunch of other things I want to finish. Had a great Azure Security class at the end of the year, but so tired […]
Cyber News, Cyber Threat Trends
The maintainers of the PyTorch package have warned users who have installed the nightly builds of the library between December 25, 2022, and December 30, 2022, to uninstall and download the latest versions following a dependency confusion attack. “PyTorch-nightly Linux packages installed via pip during that time installed a dependency, torchtriton, which was compromised on the Python […]
Cyber News, Cyber Threat Trends
After a few tests, I can confirm chatGPT does not make me smarter, and I doubt it will help anyone else. Continue reading on Assorted Thoughts »
Cyber News, Cyber Threat Trends
Chinese international students in the U.K. have been targeted by persistent Chinese-speaking scammers for over a year as part of an activity dubbed RedZei (aka RedThief). “The RedZei fraudsters have chosen their targets carefully, researched them and realized it was a rich victim group that is ripe for exploitation,” cybersecurity researcher Will Thomas (@BushidoToken) said in a write-up
Cyber News, Cyber Threat TrendsCyber crimes are on the rise, and understanding forensic investigations is a key part of solving them. Learn the basics and get up to speed The post What is cyber or digital forensics? appeared first on .
Cyber News, Cyber Threat Trends
The bad news: the crooks have your SSH private keys. The good news: only users of the “nightly” build were affected.
Cyber News, Cyber Threat Trends