
Mor
58 posts

Mor
@morwnbrg
Staff Software Innovation Engineer | Threats Hunter | ❤️ Software Supply Chain Security | Security Researcher | ex-Microsoft
Joined July 2015
714 Following 67 Followers

@MsftSecIntel This is the inevitable tax we pay for treating community-maintained open source as if it were a hardened enterprise service. Until the industry invests in open source the way it depends on it, this won't be the last incident of this magnitude.

Microsoft is investigating mistralai PyPI package v2.4.6 compromise. Attackers injected code in mistralai/client/__init__.py that executes on import, downloads hxxps://83[.]142[.]209[.]194/transformers.pyz to /tmp/transformers.pyz, and launches a second-stage payload on Linux. The file name transformers.pyz appears deliberately chosen to mimic the widely used Hugging Face Transformers library and blend into ML/dev environments.
The main payload is a credential stealer, but it also includes country-aware logic; it avoids Russian-language environments and contains a geo-fenced destructive branch that has a 1-in-6 chance of executing rm -rf / when the system appears to be in Israel or Iran.
To mitigate this threat: isolate affected Linux hosts, block 83[.]142[.]209[.]194, hunt for /tmp/transformers.pyz, pgmonitor[.]py, and pgsql-monitor.service, and rotate exposed credentials.
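The post lists the host-side indicators to hunt for (the dropper path, two file names, the download IP and the affected package version) but not how to sweep a host for them. The script below is an added example, not code from Microsoft or from this thread: it walks a filesystem root (or a mounted image) and reports which of the quoted indicators are present, plus any installed mistralai distribution whose METADATA declares version 2.4.6. The indicator values come from the post; the sample tree that `build_sample_tree` writes into a temporary directory is constructed here for demonstration and is not real malware.

```python
"""Host sweep for the indicators quoted in the MsftSecIntel post (added example)."""
import re
import tempfile
from pathlib import Path

# Indicator values as given in the post (defanged there as 83[.]142[.]209[.]194)
IOC_IP = "83.142.209.194"
IOC_DROPPER = Path("tmp/transformers.pyz")
IOC_FILENAMES = {"pgmonitor.py", "pgsql-monitor.service"}
COMPROMISED_VERSION = "2.4.6"
GREP_SUFFIXES = {".py", ".service", ".sh"}
MAX_READ = 1 << 20  # only string-search files up to 1 MiB


def _text(path):
    """Best-effort read of a small text file; unreadable or large files yield ''."""
    try:
        if path.stat().st_size > MAX_READ:
            return ""
        return path.read_text(encoding="utf-8", errors="ignore")
    except OSError:
        return ""


def sweep(root):
    """Walk `root` and return a sorted list of (kind, relative_path) findings."""
    root = Path(root)
    findings = set()
    if (root / IOC_DROPPER).exists():
        findings.add(("dropper", IOC_DROPPER.as_posix()))
    for p in root.rglob("*"):
        if not p.is_file():
            continue
        rel = p.relative_to(root).as_posix()
        if p.name in IOC_FILENAMES:
            findings.add(("artifact", rel))
        # pip records the installed version in <name>-<version>.dist-info/METADATA
        parent = p.parent.name
        if p.name == "METADATA" and parent.startswith("mistralai-") and parent.endswith(".dist-info"):
            m = re.search(r"^Version:\s*(\S+)", _text(p), re.M)
            if m and m.group(1) == COMPROMISED_VERSION:
                findings.add(("package", rel))
        # any script or unit file that references the download host
        if p.suffix in GREP_SUFFIXES and IOC_IP in _text(p):
            findings.add(("c2_reference", rel))
    return sorted(findings)


def build_sample_tree(root, affected=True):
    """Write a constructed sample tree; with affected=False only a benign file is created."""
    root = Path(root)
    files = {"home/svc/notes.txt": "nothing to see here\n"}
    if affected:
        site = "usr/lib/python3/site-packages"
        files.update({
            "tmp/transformers.pyz": "constructed placeholder, not a real archive\n",
            "home/svc/pgmonitor.py": "# constructed sample; would contact " + IOC_IP + "\n",
            "home/svc/.config/systemd/user/pgsql-monitor.service":
                "[Service]\nExecStart=/usr/bin/python3 /home/svc/pgmonitor.py\n",
            f"{site}/mistralai-2.4.6.dist-info/METADATA":
                "Metadata-Version: 2.1\nName: mistralai\nVersion: 2.4.6\n",
            f"{site}/mistralai/__init__.py": "",
            f"{site}/mistralai/client/__init__.py":
                "# constructed stand-in for the injected import hook\n"
                "DROP_URL = 'https://" + IOC_IP + "/transformers.pyz'\n",
        })
    for rel, body in files.items():
        path = root / rel
        path.parent.mkdir(parents=True, exist_ok=True)
        path.write_text(body)


def demo(affected=True):
    """Run the sweep against a throwaway sample tree and return its findings."""
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp, affected=affected)
        return sweep(tmp)


if __name__ == "__main__":
    for kind, path in demo():
        print(f"{kind:13s} {path}")
```

On a live host you would call `sweep("/")` (or point it at a mounted disk image); that walk is slow on large filesystems and `Path.rglob` will raise on directories the user cannot read, so run it with sufficient privileges or narrow the root to `/tmp`, the systemd unit directories and the Python site-packages paths. A "package" hit alone means the compromised release is installed; the "dropper", "artifact" and "c2_reference" kinds indicate the stage-two payload ran, which is when the isolation and credential-rotation steps in the post apply.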


@GelosSnake Careful what you wish for - fewer threat actors = fewer cyber budgets 😅

@urlichsanais @AquaSecTeam It’s been fantastic working with you! Your contributions and energy will be greatly missed at @AquaSecTeam . Best of luck in your next adventure! 🚀

1) If I don't post it now, I never will.
All great things have to come to an end eventually.
Yesterday was my last day @AquaSecTeam. I'm leaving an incredible team and the best place to work.
Huge shoutout to everyone who made the past 2.5 years as amazing as they were♥️


@bangkok_airways just informed they discovered unauthorized access to FlyerBonus members' data on 8 December
#hacked #pwn #cyber #CyberSecurity


@CryptoAidIsrael Your donation site is being targeted by a SMS-based phishing campaign. @Google and @MicrosoftEdge have already been notified. Donors, please be aware

Mor retweeted

Are you attending #44CON in London this week? Join @morwnbrg for a hands-on workshop and discover practical ways to fortify your software supply chain and protect your digital assets.
🗓️ September 14 at 12:00 pm
📍 44CON at the Novotel London West
More details: lnkd.in/eJvnEed
#44CON2023 #sdlc #supplychainsecurity #softwaresupplychain
44CON@44CON
We're thrilled to announce that Mor Weinberger (@morwnbrg) will be leading a hands-on workshop on "Securing Your Software Supply Chain – Practical Approaches to Assess and Improve Software Security" at #44CON2023

@FeedTechILUncen 3. If the client doesn't treat its code as "assume breached", doesn't strip passwords and tokens out of it, and doesn't scan regularly for vulnerabilities and risks.. dayenu
4. Feel free to continue

@FeedTechILUncen Not judging, but
1. If the client gave full access to all of its repos, not just test repos/environments, to a startup, especially a young one with no regulations and no SOC.. dayenu
2. If the startup is built from the outset on storing snippets of its clients' code on its server and never devised a solution that avoids it.. dayenu.. at least some kind of sanitization??

I work at a startup, a platform for documenting customers' code (full access to their repos).
There was a mistake that caused all of the customers' code to be sent to Datadog, and they are silencing us from telling anyone.
My conscience isn't clear, especially given the hypocrisy and how afraid the company is that, heaven forbid, we might send the company's own code to AI.
*Confess anonymously -> bit.ly/3GCanEe

@Cyburgerim @AquaSecTeam is one of the ambassadors and early adopters of the technology

Check out my latest findings about 250M artifacts that were exposed via misconfiguration blog.aquasec.com/250m-artifacts…
Aqua Security@AquaSecTeam
From sessions on eBPF technology and the #softwaresupplychain to the release of major research that was covered by publications around the world, Aqua Nautilus was everywhere at the @RSAConference. 💡 Follow along as we recap a remarkable week with Aqua Nautilus. ⬇️
Mor retweeted

What if you were told that you had a misconfigured registry with hundreds of millions of #software artifacts containing highly confidential and sensitive proprietary code and secrets exposed in your environment right now?
New Aqua Nautilus research has found just that in some of the world’s largest organizations, including five Fortune 500 companies. @MoragAssaf @morwnbrg
Find out if you're affected: blog.aquasec.com/250m-artifacts…

#Microsoft has just released a way for every business user to connect your business data straight into ChatGPT w/o asking anyone
Move fast and break things!

Mor retweeted

ICYMI: @morwnbrg's #CloudNative Security Con session on the key concepts and techniques related to the evolvement of cryptomining is on Youtube!
youtube.com/watch?v=i4lNhl…

Mor retweeted

We've had a great time at #CloudNativeSecurityCon this week! ☁
Highlights from @itaysk's session ➕ @morwnbrg's interview on the floor. 🎙
Love Itay's #Tracee T-shirt? You can keep up with the latest Tracee news at @AquaTracee
Mor retweeted

First up, @morwnbrg will be speaking on Crypto Jacking Techniques in #CloudNative.
cloudnativesecurityconna23.sched.com/event/1FV1r


Next week, I will speak at Cloud Native Security Con in Seattle about Crypto Jacking Techniques in Cloud Native. Let me know if you would be around @AquaSecTeam #CloudNative
