RSS_Virtulization

A malicious Python Package Index (PyPI) package, dubbed “aiocpa” and engineered to steal cryptocurrency wallet data, has been uncovered by security researchers.  The package posed as a legitimate crypto client tool while secretly exfiltrating sensitive information to a Telegram bot. Reversing Labs researchers identified and reported the threat, leading to its removal from the PyPI. Discovered on November 21, aiocpa evaded traditional security checks by publishing authentic-looking updates to an initially benign tool. Obfuscated code within…

A new cyber-attack technique leveraging the Godot Gaming Engine to execute undetectable malware has been reported by Check Point Research. Using maliciously crafted GDScript code, threat actors deployed malware via “GodLoader,” bypassing most antivirus detections and infecting over 17,000 devices since June 2024. In a statement, the Godot security team said, “Based on the report, affected users thought they were downloading and executing cracks for paid software, but instead executed the malware loader.” The Godot Engine, widely…

Uber no longer offers just rides and deliveries: It’s created a new division hiring out gig workers to help enterprises with some of their AI model development work. Scaled Solutions grew out of the company’s own needs for data annotation, testing, and localization, and is now ready to offer those services to enterprises in retail, automotive and autonomous vehicles, social media, consumer apps, generative AI, manufacturing, and customer support. Its first customers include Aurora Innovation,…

What is Mimic? Mimic is family of ransomware, first found in-the-wild in 2022. In common with many other ransomware attacks, Mimic encrypts a victim’s files, and demands a ransom payment in cryptocurrency for the release of a decryption key. Does Mimic also steal data? Yes, some variants of Mimic can also exfiltrate data from a user’s computers before it is encrypted – the stolen data is typically used as an additional bargaining chip by the…

While most organizations today remain aware of the ongoing cybersecurity threats, there is a constant struggle to keep pace with them. Much of this has to do with a lack of resources and talent available in cybersecurity as a whole, with many organizations forced to take shortcuts in their security planning. As alarming as this cybersecurity talent gap is, there is another noticeable gap when it comes to demographics in these types of roles. Today,…

Public-facing instances of ProjectSend, an open-source file-sharing web application, have been exploited by attackers, according to vulnerability intelligence provider VulnCheck. ProjectSend was created by software developer Ignacio Nelson and is maintained by a group of over 50 people. It has received support from 1500 people on GitHub. The web application has been affected by an improper authentication vulnerability since at least January 2024, when cybersecurity firm Synactiv reported it to the project maintainers. Exploiting this…

Mejoras en la predicción del clima espacial Paralelamente, la predicción del clima espacial ha dado un salto con la aplicación de arquitecturas basadas en transformers, que se ha hecho muy popular al estar detrás de modelos de lenguaje como ChatGPT. Este enfoque ha permitido prever con mayor precisión el impacto de eventos solares extremos en la atmósfera terrestre y en los satélites. A diferencia de los métodos estadísticos tradicionales, los transformers identifican patrones temporales complejos y relaciones no lineales…

Analicemos brevemente su historia. Cuando los navegadores gráficos se empezaron a utilizar en masa en las empresas (no olvidemos que los primeros navegadores, como Cello y Lynx, eran puramente de texto) alrededor de 1994, el objetivo era facilitar al máximo la interacción de las personas con la web. En ese momento, Internet ya existía desde hacía décadas, pero la web se había popularizado hacía poco.  El problema es que a medida que los entornos se…

La Secretaría de Estado de Medioambiente ha adjudicado a la UTE conformada por Sener y Medical el lote número seis del contrato para la Implementación de Metodología BIM. En virtud del mismo, la compañía especializada en ingeniería y tecnología estrecha lazos con la consultora especializada en transformación digital para desarrollar los modelos virtuales de las presas de la Confederación Hidrográfica del Guadiana. Tal y como se ha dado a conocer, los trabajos adjudicados forman parte…

Researchers have discovered 20 vulnerabilities in a wireless access point commonly used in industrial environments, six of which are critical. An analysis by Nozomi Networks Labs of version 1.6.2 of Advantech’s EKI-6333AC-2G industrial-grade wireless access point found that these vulnerabilities pose significant risks, including remote code execution (RCE) with root privileges. Each of the vulnerabilities have been assigned a unique CVE identifier. EKI-6333AC-2G is designed to provide stable, dual-band Wi-Fi connectivity across challenging industrial environments…