MacMusic  |  PcMusic  |  440 Software  |  440 Forums  |  440TV  |  Zicos
code
Recherche

Supply chain compromise of Ultralytics AI library results in trojanized versions

lundi 9 décembre 2024, 15:14 , par InfoWorld
Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.

According to researchers from ReversingLabs, the attackers leveraged a known exploit via GitHub Actions to introduce malicious code during the automated build process, therefore bypassing the usual code review process. As a result, the code was present only in the package pushed to PyPI and not in the code repository on GitHub.

Continue reading on CSOonline.com.
Lire la suite sur InfoWorld
https://www.csoonline.com/article/3619159/supply-chain-compromise-of-ultralytics-ai-library-results-...

Voir aussi

code 3 takeaways from the Ultralytics AI Python library hack InfoWorld11 Dec
attackers Containers are a weak link in supply chain security BetaNews10 Dec
library Mysterious outbreak with high fatality rate in the DRC could imperil tech supply chains TheRegister 9 Dec
ultralytics OpenWrt orders router firmware updates after supply chain attack scare TheRegister 9 Dec
package Abusing Git branch names to compromise a PyPI package LWN.net 6 Dec
build 0patch uncovers a security vulnerability in all versions of Windows -- and releases free fixes BetaNews 6 Dec
malicious Backdoor in Compromised Solana Code Library Drains $184,000 from Digital Wallets Slashdot 5 Dec
supply South Korea’s political unrest threatens the stability of global tech supply chains ComputerWorld 5 Dec
process OpenAI Is Working With Anduril to Supply the US Military With AI Wired: Tech. 4 Dec
github US expands curbs on China’s AI memory and chip tools, raising supply chain concerns ComputerWorld 3 Dec
pypi US expands curbs on China’s AI memory and chip tools, raising supply chain concerns ComputerWorld 3 Dec
malware Open source supply chain faces security issues BetaNews 2 Dec
results Malicious Ads in Search Results Are Driving New Generations of Scams Wired: Tech. 2 Dec
trojanized Unwrap a surprise PC: $119.99 desktop bundle that delivers big results BoingBoing 1 Dec
versions RIP Delicious Library Slashdot27 Nov
code Blue Yonder Ransomware Attack Disrupts Grocery Store Supply Chain Slashdot26 Nov
attackers Supply chain management vendor Blue Yonder succumbs to ransomware TheRegister26 Nov
library Google blocked 1,000-plus pro-China fake news websites from its search results TheRegister25 Nov
ultralytics Verify the Rust's Standard Library's 7,500 Unsafe Functions - and Win 'Financial Rewards' Slashdot24 Nov
package How to properly run a laptop with the screen closed for best results PC World22 Nov
News copyright owned by their original publishers | Copyright © 2004 - 2024 Zicos / 440Network
Date Actuelle
jeu. 12 déc. - 07:37 CET