Security News > 2023

On Dec. 31, 2022, the PyTorch machine learning framework announced on its website that one of its packages had been compromised via the PyPI repository. According to the PyTorch team, a malicious torchtriton dependency package was uploaded to the PyPI code repository on Friday, Dec. 30, 2022, at around 4:40 p.m. The malicious package had the same package name as the one shipped on the PyTorch nightly package index.

A legal saga between Meta, Ireland and the European Union has reached a conclusion - at least for now - that forces the social media giant to remove data consent requirements from its terms of service in favor of explicit consent, and subjects it to a few hundred million more euros in fines for the trouble. The Irish Data Protection Commission said today that it has made a final decision fining Meta's Irish operating arm a combined €390 million for violations of the EU's General Data Protection Regulation, and directing it to "bring its data processing operations into compliance within a period of 3 months."

An unknown attacker used the PyPI code repository to get developers to download a compromised PyTorch dependency that included malicious code designed to steal system data. Developers who last week downloaded the nightly builds of the open source PyTorch framework also unknowingly installed a malicious version of the torchtriton dependency found in the Python Package Index, according to PyTorch's maintainers.

As many cryptocurrencies crash and the FTX bankruptcy moves into the litigation stage, regulators are likely to scrutinize the cryptocurrency world more than ever before. Most ways of taxing cryptocurrencies would be inefficient, because they're easy to circumvent and hard to enforce.

Qualcomm on Tuesday released patches to address multiple security flaws in its chipsets, some of which could be exploited to cause information disclosure and memory corruption. The five vulnerabilities - tracked from CVE-2022-40516 through CVE-2022-40520 - also impact Lenovo ThinkPad X13s laptops, prompting the Chinese PC maker to issue BIOS updates to plug the security holes.

In recent years, companies, universities, schools, medical facilities and other organizations have been targeted by ransomware threat actors, turning ransomware into the internet's most severe security crisis. Ransomware as a Service has become the most widespread type of ransomware.

A new Linux malware developed using the shell script compiler has been observed deploying a cryptocurrency miner on compromised systems. "It is presumed that after successful authentication through a dictionary attack on inadequately managed Linux SSH servers, various malware were installed on the target system," AhnLab Security Emergency Response Center said in a report published today.

In the cybersecurity world, this is known as disaster recovery planning, crisis management, or backup and recovery policy. Regardless of the name, it all boils down to pre-incident planning that creates a tested and robust process for the recovery of an IT network and, ultimately, a return to business as normal.

In 2022, significant geopolitical developments have led to equally significant changes within the cyber insurance market. In this Help Net Security video, Chris Denbigh-White, Global Director of Customer Success for Next DLP, discusses how, with the increasing number of breaches, insurers are left with no choice but to increase premiums, making the notion of insuring cyber risk unrealistic, leaving businesses paying the highest premiums to date.

Synology has released security updates to address a critical flaw impacting VPN Plus Server that could be exploited to take over affected systems. Tracked as CVE-2022-43931, the vulnerability carries a maximum severity rating of 10 on the CVSS scale and has been described as an out-of-bounds write bug in the remote desktop functionality in Synology VPN Plus Server.