May 20, 2024 4 mins

Linux Kernel Organization Hit by Sophisticated Malware Attack

The Linux Kernel Organization's infrastructure was infected with sophisticated malware starting in 2009, at least two years longer than previously known. The malware compromised at least four servers and stole encrypted password data for over 550 system users. Known as Ebury, it has infected over 400,000 servers, mostly running Linux, over the past 15 years, using multiple methods to propagate, including credential stuffing and living off the land. Ebury has been used to steal payment card information, cryptocurrency, and administrator credentials. The attack highlights the importance of protecting SSH servers with multi-factor authentication and emphasizes the need for vigilance and mitigation measures to minimize the spread and impact of such attacks.

 

Critical Flaw in AI Python Package Can Lead to System and Data Compromise

A critical vulnerability, dubbed "Llama Drama" (CVE-2024-34359), has been discovered in a Python package used by AI application developers, allowing arbitrary code execution and putting systems and data at risk. The issue affects the Jinja2 template rendering tool and the llama_cpp_python package, used for integrating AI models with Python. Over 6,000 AI models on the Hugging Face AI community are impacted. The vulnerability can be exploited for arbitrary code execution on affected systems, but a patch has been released with the update to llama_cpp_python 0.2.72.

 

Malware Attacks on Ukraine's Power Grid Highlight Evolving Cybersecurity Threats

Malware attacks on Ukraine's power grid in 2016 and 2022, attributed to Russia's military intelligence agency, have highlighted the vulnerability of physical infrastructure to cyber threats. The attacks, known as Industroyer One and Two, caused blackouts and demonstrated the evolution of cyber threats to the physical world. A recent study by UC Santa Cruz researchers analyzed the malware and its interaction with the power grid, revealing the potential for more catastrophic attacks. The researchers warn that similar systems are used worldwide, and future attacks could target "intelligent electronic devices" embedded in systems, emphasizing the need for better security awareness, policy, and planning to defend against these evolving cyber threats.

 

Fatigue and Shortages: Cyber Teams Intentionally Underreporting Breaches

A new report by VikingCloud reveals that 40% of cyber teams have not reported a cyber incident due to fear of losing their jobs, indicating a significant underreporting of cyber breaches globally. The report highlights a disconnect between business leaders' confidence in their cyber defenses and the actual state of their defenses. Despite 96% of companies claiming confidence in their ability to detect and respond to cyberattacks in real time, the report reveals that cyber teams are facing major challenges, including talent shortages, new attack methods, and the advancing sophistication of cybercriminals. The report also notes that only 10% of companies have increased cyber hiring in the past 12 months, and nearly 20% of companies say a lack of qualified talent is a key challenge to overcoming cyberattacks.
