How a Rust Supply-Chain Attack Infected Cloud CI Pipelines with Go Malware
Sentinel Labs provides malware/threat intelligence analysis for the enterprise cybersecurity platform SentinelOne. Thursday they reported on "a supply-chain attack against the Rust development community that we refer to as 'CrateDepression'." On M.....»»
Panasonic Energy to supply EV batteries to Mazda; Panasonic Automotive being sold to U.S. firm
Mazda and Panasonic Energy said they will later disclose details of the deal, which is for the supply of cylindrical lithium-ion batteries......»»
How much does cloud-based identity expand your attack surface?
We all know using a cloud-based identity provider (IdP) expands your attack surface, but just how big does that attack surface get? And can we even know for sure? As Michael Jordan once said, “Get the fundamentals down, and the level of everything.....»»
PyPI halted new users and projects while it fended off supply-chain attack
Automation is making attacks on open source code repositories harder to fight. Supply-chain attacks, like the latest PyPI discovery, insert malicious code into seemingly functional software packages used by developers......»»
Tuberculosis vaccine may enable elimination of the disease in cattle by reducing its spread
Vaccination not only reduces the severity of TB in infected cattle, but reduces its spread in dairy herds by 89%, research finds. The research, led by the University of Cambridge and Penn State University, improves prospects for the elimination and c.....»»
AppViewX partners with Fortanix to address critical enterprise security challenges
AppViewX and Fortanix announced a partnership to offer cloud-delivered secure digital identity management and code signing. Together the companies make it easy to address critical enterprise security challenges with comprehensive, robust and scalable.....»»
Beware of fake CleanMyMac installers that will infect your Mac
Cybersecurity experts recently uncovered a sophisticated scheme where attackers disguise malware as CleanMyMac to steal Mac users' data. MacPaw team finds malware disguised as CleanMyMac. MacPaw, the creator of CleanMyMac and other utilities, has a cybe.....»»
Vision Pro engineers moved to folding iPhone project; delayed to 2027 – report
A new supply-chain report reiterates earlier reports that some engineers previously working on Vision Pro have been moved to working a folding iPhone or iPad project. It also claims that the planned launch of a foldable iPhone has been delayed fro.....»»
Saudi Aramco CEO calls energy transition strategy a failure
Pointing to the still paltry share of renewable energy in global supply, the head of Saudi Aramco described the current energy transition strategy as a misguided failure on Monday......»»
Cybercriminals use cheap and simple infostealers to exfiltrate data
The rise in identity-based attacks can be attributed to a rapid increase in malware, according to SpyCloud. Researchers found that 61% of data breaches in 2023, involving over 343 million stolen credentials, were infostealer malware-related. Of these.....»»
How CISOs tackle business payment fraud
In this Help Net Security video, Shai Gabay, CEO of Trustmi, discusses why payments are a source of cyber worry for CISOs. CISOs are worried about Business Email Compromise (BEC), cyber attackers’ use of AI, and securing the supply chain. These.....»»
Thousands of servers hacked in ongoing attack targeting Ray AI framework
Researchers say it's the first known in-the-wild attack targeting AI workloads. Thousands of servers storing AI workloads and network credentials have been hacked in an ongoing attack campa.....»»
Bat with species-devastating fungus discovered in Colorado
A bat infected with a fungus that has killed millions of bats across the country was found in Longmont last month......»»
Apple users targeted by sophisticated phishing attack to reset their ID password
There are many known phishing attacks that target users of Apple devices to gain access to their Apple ID. However, a new “elaborate” attack uses a bug in the Apple ID password reset feature with “push bombing” or “MFA fatigue” techniques.....»»
Intel, Microsoft discuss plans to run Copilot locally on PCs instead of in the cloud
Companies are trying to make the "AI PC" happen with new silicon and software. The basic requirements for an AI PC, at least when it's running Windows. Microsoft said in January that 2024 would.....»»
“MFA Fatigue” attack targets iPhone owners with endless password reset prompts
Rapid-fire prompts sometimes followed with spoofed calls from "Apple support." They look like normal notifications, but opening an iPhone with one or more of these stacked up, you won't be able to do much of anything un.....»»
Thousands of Asus routers taken over by malware to form new proxy service
Outdated Asus routers are being assimilated into a malicious botnet used by hackers to hide their traces.....»»
Piston Automotive wins $8.5M state grant for plant to supply GM in suburban Detroit
The project marks a return to former stomping grounds for company owner Vinnie Johnson, a two-time NBA champ nicknamed “the Microwave” during his Detroit Pistons heyday......»»
Samsung declined to make 2025 iPhone SE 4 displays, says report
A new supply-chain report says that Samsung declined to make displays for the iPhone SE 4, expected to debut in 2025 with a major upgrade. The Korean report says that Samsung was unable to reach agreement with Apple on the price of the displays, a.....»»
BOE becomes favorite to supply 6.1-inch screens for iPhone SE 4
The iPhone SE 4 could have its displays produced by BOE, with Samsung Display allegedly out of the running over pricing issues. Previous iPhone SE models. The display of Apple's iPhone lineup is an important but expensive component of the entire smartph.....»»
AI framework vulnerability is being used to compromise enterprise servers (CVE-2023-48022)
Attackers are leveraging a vulnerability (CVE-2023-48022) in Anyscale’s Ray AI software to compromise enterprise servers and saddle them with cryptominers and reverse shells. “To our knowledge, the attack started 7 months ago,” Avi.....»»