PSA: If you use ComfyUI_LLMVISION in ComfyUI, it was hacked by "Nullbulge Group" and had malware injected. It had the Async remote access trojan for Windows embedded in it.
"This repository provides integration of GPT-4 and Claude 3 models into ComfyUI, allowing for both image and text-based interactions within the ComfyUI workflow." #threatintel
Btw ComfyUI should be blocked in business environments as the setup of it is ripe for abuse - it's an AI 'stable diffusion' thing where every plugin allows native code execution by design, and there's absolutely no QA or guardrails at all.
You’re going to see some incredible media bias with the Synnovis ransomware incident as it impacts southern hospitals - whereas NHS Dumfries and Galloway are several months into their ongoing ransomware incident and have had barely any coverage. #threatintel
Reported 5 malicious #Python packages to #PyPI: numberpy, tqmmd, pandans, openpyexl, reqwestss all by the same user leemay1782.
All with the same "functionality", getting commands via a socket from dzgi0h7on1jhzdg0vknw9pp9309rxjl8.oastify[.]com and executing them.
I don't think I saw the setup.py entry_points being used as a trigger mechanism before?
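The five package names in the post above are typosquats of popular libraries. Below is an added example (not code from the post's author) of a defender-side check that flags such look-alike names before they get installed, using Levenshtein distance plus a shared-prefix heuristic; the short allowlist of popular packages and the threshold values are assumptions for the demo.

```python
# Added example: flag package names that look like typosquats of popular PyPI packages.
import re

# Assumption: a short stand-in for a full list of top PyPI package names.
POPULAR = ["numpy", "tqdm", "pandas", "openpyxl", "requests", "pillow", "scipy"]

# Constructed sample: the five names from the post plus two legitimate ones.
SAMPLE_NAMES = ["numberpy", "tqmmd", "pandans", "openpyexl", "reqwestss", "numpy", "scipy"]


def normalize(name: str) -> str:
    """PEP 503 style normalisation: lowercase, runs of -_. collapse to '-'."""
    return re.sub(r"[-_.]+", "-", name).lower()


def levenshtein(a: str, b: str) -> int:
    """Classic edit distance (insert/delete/substitute), single-row DP."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def common_prefix_len(a: str, b: str) -> int:
    n = 0
    for x, y in zip(a, b):
        if x != y:
            break
        n += 1
    return n


def typosquat_candidates(names, popular=POPULAR, max_distance=3, min_prefix=2):
    """Return {requested_name: imitated_name} for names within a few edits of a
    popular package that also share its first characters (heuristic thresholds)."""
    pop = {normalize(p) for p in popular}
    flagged = {}
    for raw in names:
        name = normalize(raw)
        if name in pop:          # exact match to a known-good name: fine
            continue
        best = None
        for target in pop:
            d = levenshtein(name, target)
            if d <= max_distance and common_prefix_len(name, target) >= min_prefix:
                if best is None or d < best[1]:
                    best = (target, d)
        if best:
            flagged[raw] = best[0]
    return flagged


if __name__ == "__main__":
    for bad, good in typosquat_candidates(SAMPLE_NAMES).items():
        print(f"{bad} looks like a typosquat of {good}")
```

Run it against a requirements file or `pip download --dry-run` output to review suspect names before installation.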
Have a look, see what you think. How could I make it more useful to you?
It's generated using a custom-made graph-network abstraction layer I wrote in Python and then pulling some publicly available JSON files for the Intrusion Sets and Techniques.
A couple of days ago, LockBit had published an entry on their leaksite titled "telekom.com". I asked the Telekom press corps and they denied any incident.
Yesterday, LB also published the data allegedly from Telekom. I had a look at the files. So far, it seems that nothing in the 1.2GByte directory on their file share has anything to do with Deutsche Telekom. It seems that in fact, they breached a client PC owned by a non-profit in Hamburg.
@GossiTheDog Telekom: "I had already seen the questions under Gossi's post in the Fediverse. The situation was initially somewhat unclear because copycats had apparently jumped on the topic. Now I can say this:
On a website operated by a group calling itself LockBit as-a-Service, the names of 40 companies have been published from which data is said to have been stolen. "
1/2