Search cyberveille.decio.ch

Found 5 bookmarks

Custom sorting

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research

In this article, I explained how I could compromise the sysupgrade.openwrt.org service by exploiting the command injection and the SHA-256 collision. As I never found the hash collision attack in a real-world application, I was surprised that I could successfully exploit it by brute-forcing hashes.

#flatt.tech #EN #2024 #Hash-collision #OpenWrt #Command-injection #SHA-256 #Supply-chain

·flatt.tech·Dec 10, 2024

Compromising OpenWrt Supply Chain via Truncated SHA-256 Collision and Command Injection - Flatt Security Research

Ultralytics AI model hijacked to infect thousands with cryptominer

The popular Ultralytics YOLO11 AI model was compromised in a supply chain attack to deploy cryptominers on devices running versions 8.3.41 and 8.3.42 from the Python Package Index (PyPI)

#bleepingcomputer #EN #2024 #Artificial-Intelligence #Open-Source #Supply-Chain #Supply-Chain-Attack #Ultralytics

·bleepingcomputer.com·Dec 8, 2024

Ultralytics AI model hijacked to infect thousands with cryptominer

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report

Google said it has been contacted by several major U.S. companies recently who discovered that they unknowingly hired North Koreans using fake identities for remote IT roles.

#therecord.media #EN #2024 #UNC5267 #North-Korea #workers #supply-chain

·therecord.media·Sep 26, 2024

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report

OpenSSH Backdoors

Imagine this: an OpenSSH backdoor is discovered, maintainers rush to push out a fixed release package, security researchers trade technical details on mailing lists to analyze the backdoor code. Speculation abounds on the attribution and motives of the attacker, and the tech media pounces on the story. A near miss of epic proportions, a blow to the fabric of trust underlying open source development, a stark reminder of the risks of supply-chain attacks. Equal measures brilliant and devious.

#blog.isosceles.com #EN #2024 #openssh #backdoor #analysis #supply-chain

·blog.isosceles.com·Aug 25, 2024

OpenSSH Backdoors

Sonar

We discovered 4 critical code vulnerabilities in Gogs, a source code hosting solution, which are still unpatched. Read about the details and how to protect yourself.

#sonarsource #EN #2024 #Gogs #vulnerabilities #developers #Supply-Chain

·sonarsource.com·Jul 4, 2024

Sonar