-
In June 2017, a study of more than 3,000 Massachusetts Institute of Technology (MIT) students published by the National Bureau for Economic Research (NBER) found that 98% of them were willing to give away their friends’ email addresses in exchange for free pizza. “Whereas people say they care about privacy, they are willing to relinquish private data quite easily when
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
The documents would detail how the Pentagon and Space Force want to use private space companies for military missions.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Here are the first conversations from our annual State of Defense interview series.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Light infantry units also need more indirect fire systems, Gen. Rainey said.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Senators are seeking more information about AI safety within the AUKUS program.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Indian government entities and energy companies have been targeted by unknown threat actors with an aim to deliver a modified version of an open-source information stealer malware called HackBrowserData and exfiltrate sensitive information in some cases by using Slack as command-and-control (C2). “The information stealer was delivered via a phishing email, masquerading as an invitation letter
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
A critical vulnerability in Ray, an open-source AI framework that is widely utilized across various sectors, including education, cryptocurrency, and biopharma.
This vulnerability, known as CVE-2023-48022, has been under active exploitation for the past seven months, allowing attackers to hijack computing power and leak sensitive data.
The Discovery of CVE-2023-48022: ShadowRay
Late in 2023, five unique vulnerabilities were disclosed to Anyscale, the developers of Ray, by cybersecurity entities Bishop Fox, Bryce Bearchell, and Protect AI.
Anyscale addressed four of these vulnerabilities in Ray version 2.8.1, but the fifth, CVE-2023-48022, remains disputed and unpatched.
The Oligo team has dubbed this vulnerability “ShadowRay” due to its ability to evade static scans and lead to significant breaches.
AI environments are goldmines for attackers due to the sensitive information they contain, such as private intellectual property, third-party tokens, and access to company databases.
The high-powered machines used for AI models are also prime targets for their computing power.
The Oligo research team has uncovered an active attack campaign that has put thousands of servers at risk.
Meet Ray: The Affected Framework
Ray is a unified framework designed to scale AI and Python applications.
Anyscale maintains it and has garnered significant attention, with 30K stars on GitHub.
Large organizations like Uber, Amazon, and OpenAI use Ray in production for its scalability and efficiency.
The Exploitation of Ray Clusters
The lack of authorization in Ray’s Jobs API has been a critical point of exploitation.
Attackers with network access to the dashboard can invoke arbitrary jobs on the remote host without authorization.
Rayβs official Kubernetes deployment guide [10] and Kuberayβs Kubernetes operator encourage people to expose the dashboard on 0.0.0.0:
This oversight has led to the compromise of numerous publicly exposed Ray servers, with attackers leveraging the flaw for cryptocurrency mining and data theft.
The collective value of the compromised machines is staggering, with the potential worth nearing a billion USD.
Attackers are drawn to these machines not only for the sensitive information they can extract but also for the high value of the GPUs, which are in short supply and expensive.
The Common Thread: Crypto Miners
Oligo Research has identified patterns in the compromised clusters, suggesting that the same attackers targeted them.
Crypto-mining campaigns have been leveraging ShadowRay to install miners and reverse-shells, with some attackers reaching the top 5% of miners in certain pools.
In light of these findings, organizations using Ray are urged to review their environments for exposure and analyze any suspicious activity.
For more detailed information on the vulnerabilities and the steps taken by Anyscale, readers can refer to the blog posts by Bishop Fox, Bryce Bearchell, and Protect AI.
Ray users must be aware of the security aspects and common pitfalls associated with the framework.
As the battle between functionality and security continues, the Ray incident serves as a stark reminder of the importance of vigilance in the digital age.
The disputed nature of CVE-2023-48022 has not only highlighted the complexities of software development but also the critical need for robust security measures in protecting valuable AI infrastructure.
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter
The post Hackers Actively Exploiting Ray AI Framework Flaw to Hack Thousands of Servers appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Army also hopes ordering more Coyote drone interceptors will eventually drive down cost.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
-
Cybersecurity researchers at Unit 42 have uncovered a sophisticated cyberespionage campaign orchestrated by two Chinese Advanced Persistent Threat (APT) groups targeting entities and member countries of the Association of Southeast Asian Nations (ASEAN).
This alarming development underscores the escalating cyber threats faced by nations in the Southeast Asian region, highlighting the intricate web of digital espionage activities that continue to challenge global cybersecurity norms.
Palo Alto Networks’ Unit 42 identified cyberespionage activities by two Chinese hacking groups targeting the region for the past 90 days.
The Attackers:
- Stately Taurus (aka Mustang Panda): A known Chinese APT group active since at least 2012, targeting government entities, nonprofits, and NGOs globally.
- Second Unidentified Chinese APT Group: Recently compromised an ASEAN-affiliated entity, with similar activity observed in other member states.
The activity of Stately Taurus:
Coinciding with the ASEAN-Australia Special Summit (March 4-6, 2024), Stately Taurus created two malware packages likely targeting entities in Myanmar, the Philippines, Japan, and Singapore.
The report states that ASEAN-affiliated entities are particularly attractive targets for espionage operations due to their pivotal role in handling sensitive information related to diplomatic relations and economic decisions within the region.
Package 1: The Talking_Points_for_China.zip
- A ZIP archive containing a renamed, signed anti-keylogging program that sideloads malicious code.
- Targets attempt to connect to a malicious server (103.27.109.157:433).
- Similar to a campaign reported by CSIRT-CTI.
Package 2: Note PSO.scr:
- A screensaver executable targeting Myanmar.
- Downloads a benign executable (WindowsUpdate.exe) and a malicious DLL (EACore.dll).
- Attempts to connect to a different C2 server ([invalid URL removed] at 146.70.149.36).
Second Activity: the unidentified Chinese APT Group
- Unit 42 discovered compromised systems within an ASEAN-affiliated entity linked to the APT group’s command-and-control (C2) infrastructure.
- This pattern of network connections has been observed in other government entities throughout the region.
- The targeted infrastructure includes IP addresses and domains specifically used for C2 communication.
- Interestingly, the attackers seem to follow a “work schedule” with activity concentrated on weekdays in China Standard Time (UTC+08:00) and a noticeable pause during holidays like Lunar New Year.
Mitigation:
Palo Alto Networks recommends utilizing their various security solutions to help organizations defend against these threats, including:
- DNS Security and Advanced URL Filtering
- WildFire threat detection engine
- Prisma Cloud Defender agents with WildFire integration
Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us onΒ LinkedInΒ &Β Twitter
The post Chinese Hackers Attacking Southeast Asian Nations With Malware Packages appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ
ΒΆΒΆΒΆΒΆΒΆ