Scattered Spider strikes again? Aviation industry appears to be next target for criminal group

The aviation industry has seemingly become the latest target of Scattered Spider, a sophisticated cybercriminal group that has shifted its focus from retail and insurance companies to airlines in what cybersecurity experts describe as a coordinated campaign against the sector.

Hawaiian Airlines disclosed a cybersecurity incident Friday affecting some of its IT systems while maintaining that flights continued operating safely and on schedule. The attack, first detected June 23, according to SEC filings, prompted the airline to engage federal authorities and cybersecurity experts for investigation and remediation efforts.

Multiple incident responders have attributed the Hawaiian Airlines attack to Scattered Spider, also known as Muddled Libra or UNC3944. The assessment comes as cybersecurity firms Unit 42 and Mandiant issued warnings about the group’s apparent pivot to targeting aviation companies.

Charles Carmakal, chief technology officer at Mandiant Consulting – Google Cloud, confirmed his company is “aware of multiple incidents in the airline and transportation sector which resemble the operations of UNC3944 or Scattered Spider.” The group has demonstrated a pattern of focusing intensively on single industries before moving to new sectors.

“Given the habit of this actor to focus on a single sector we suggest that the industry take steps immediately to harden systems,” Carmakal stated.

The Hawaiian Airlines incident follows a similar attack earlier this month on WestJet, Canada’s second-largest airline. The Calgary-based carrier experienced intermittent disruptions to its website and mobile application, with systems largely restored after five days.

Cybersecurity experts note that Scattered Spider has maintained consistent tactics across different industry targets. The group typically employs sophisticated social engineering attacks and targets multi-factor authentication systems through fraudulent reset requests.

Sam Rubin, senior vice president of consulting and threat intelligence at Palo Alto Networks’ Unit 42, emphasized that organizations should maintain “high alert for sophisticated and targeted social engineering attacks and suspicious MFA reset requests.”

The group’s methodical approach to targeting specific industries has previously included campaigns against major retail chains and insurance companies, including attacks on Aflac and other prominent insurers.

The coordinated nature of these attacks across multiple airlines suggests a strategic shift by Scattered Spider toward critical infrastructure sectors. The Federal Bureau of Investigation and the Cybersecurity and Infrastructure Security Agency have yet to comment on the incidents.

from CyberScoop https://ift.tt/sSNhrv9

Impact to Azure Virtual Machines in multiple regions

Impact Statement: Starting at 01:37 UTC on 26 June 2025, an alert for Virtual Machines is being investigated. Customers using Virtual Machines hosted in multiple regions may experience issues while performing service management (CRUD) operations: create, read, update, and delete.

Current Status: We are actively investigating the impact, and the next update will be provided within 60 minutes, or as events warrant.

from Azure Status https://ift.tt/ZF5PJGe

Amazon FSx for OpenZFS now supports Amazon S3 access without any data movement

Starting today, you can attach Amazon S3 Access Points to your Amazon FSx for OpenZFS file systems to access your file data as if it were in Amazon Simple Storage Service (Amazon S3). With this new capability, your data in FSx for OpenZFS is accessible for use with a broad range of Amazon Web Services (AWS) services and applications for artificial intelligence, machine learning (ML), and analytics that work with S3. Your file data continues to reside in your FSx for OpenZFS file system.

Organizations store hundreds of exabytes of file data on premises and want to move this data to AWS for greater agility, reliability, security, scalability, and reduced costs. Once their file data is in AWS, organizations often want to do even more with it. For example, they want to use their enterprise data to augment generative AI applications and build and train machine learning models with the broad spectrum of AWS generative AI and machine learning services. They also want the flexibility to use their file data with new AWS applications. However, many AWS data analytics services and applications are built to work with data stored in Amazon S3 as data lakes. After migration, they can use tools that work with Amazon S3 as their data source. Previously, this required data pipelines to copy data between Amazon FSx for OpenZFS file systems and Amazon S3 buckets.

Amazon S3 Access Points attached to FSx for OpenZFS file systems remove data movement and copying requirements by maintaining unified access through both file protocols and Amazon S3 API operations. You can read and write file data using S3 object operations including GetObject, PutObject, and ListObjectsV2. You can attach hundreds of access points to a file system, with each S3 access point configured with application-specific permissions. These access points support the same granular permissions controls as S3 access points that attach to S3 buckets, including AWS Identity and Access Management (IAM) access point policies, Block Public Access, and network origin controls such as restricting access to your Virtual Private Cloud (VPC). Because your data continues to reside in your FSx for OpenZFS file system, you continue to access your data using Network File System (NFS) and benefit from existing data management capabilities.
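The per-application permissions and VPC restriction described above can be checked before an access point policy is attached. The following is an added example, not code from the AWS post: a small policy linter that assumes a house rule of "only the three operations the article names, no wildcard principals, VPC traffic only". The account ID, role name, access point name and VPC ID in the sample policies are constructed placeholders.

```python
import json

# S3 permissions behind the operations the article names
# (ListObjectsV2 is authorised by s3:ListBucket).
EXPECTED_ACTIONS = {"s3:GetObject", "s3:PutObject", "s3:ListBucket"}

def _as_list(value):
    # IAM JSON accepts a scalar or a list; normalise to a list.
    if value is None:
        return []
    return value if isinstance(value, list) else [value]

def _wildcard_principal(principal):
    if isinstance(principal, dict):  # e.g. {"AWS": "*"}
        return any("*" in _as_list(v) for v in principal.values())
    return principal == "*"

def _pins_vpc(condition):
    # True when a StringEquals condition limits the statement to VPC traffic.
    for key, value in (condition or {}).get("StringEquals", {}).items():
        if key.lower() == "s3:accesspointnetworkorigin" and _as_list(value) == ["VPC"]:
            return True
        if key.lower() == "aws:sourcevpc" and _as_list(value):
            return True
    return False

def audit_access_point_policy(policy_json):
    """Return (sid, finding, detail) tuples for every Allow statement."""
    findings = []
    for i, stmt in enumerate(_as_list(json.loads(policy_json).get("Statement"))):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", f"statement[{i}]")
        actions = set(_as_list(stmt.get("Action")))
        broad = sorted(a for a in actions if "*" in a)
        extra = sorted(actions - EXPECTED_ACTIONS - set(broad))
        if broad:
            findings.append((sid, "wildcard-action", broad))
        if extra:
            findings.append((sid, "unexpected-action", extra))
        if _wildcard_principal(stmt.get("Principal")):
            findings.append((sid, "wildcard-principal", []))
        if not _pins_vpc(stmt.get("Condition")):
            findings.append((sid, "no-vpc-restriction", []))
    return findings

# Constructed sample policies (placeholder account, role, access point, VPC).
AP_ARN = "arn:aws:s3:us-east-1:111122223333:accesspoint/example-ap"
WEAK_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AllowAll", "Effect": "Allow", "Principal": "*",
    "Action": "s3:*", "Resource": [AP_ARN, AP_ARN + "/object/*"]}]})
TIGHT_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Sid": "AppRead", "Effect": "Allow",
    "Principal": {"AWS": "arn:aws:iam::111122223333:role/ExampleAppRole"},
    "Action": ["s3:GetObject", "s3:ListBucket"],
    "Resource": [AP_ARN, AP_ARN + "/object/*"],
    "Condition": {"StringEquals": {"aws:SourceVpc": "vpc-EXAMPLE"}}}]})
```

The linter reads only `Effect`, `Action`, `Principal` and `Condition`; it does not evaluate `NotAction`, `NotPrincipal` or Deny statements, so treat a clean result as a first-pass check rather than a full policy evaluation.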

You can use your file data in Amazon FSx for OpenZFS file systems to power generative AI applications with Amazon Bedrock for Retrieval Augmented Generation (RAG) workflows, train ML models with Amazon SageMaker, and run analytics or business intelligence (BI) with Amazon Athena and AWS Glue as if the data were in S3, using the S3 API. You can also generate insights using open source tools such as Apache Spark and Apache Hive, without moving or refactoring your data.

To get started
You can create and attach an S3 Access Point to your Amazon FSx for OpenZFS file system using the Amazon FSx console, the AWS Command Line Interface (AWS CLI), or the AWS SDK.

To start, follow the steps in the Amazon FSx for OpenZFS file system documentation page to create the file system. Then, in the Amazon FSx console, go to Actions and select Create S3 access point. Leave the standard configuration as it is and create the access point.

To monitor the creation progress, you can go to the Amazon FSx console.

Once available, choose the name of the new S3 access point and review the access point summary. This summary includes an automatically generated alias that works anywhere you would normally use S3 bucket names.

Using the bucket-style alias, you can access the FSx data directly through S3 API operations.

  • List objects using the ListObjectsV2 API

  • Get files using the GetObject API

  • Write data using the PutObject API

The data continues to be accessible via NFS.

Beyond accessing your FSx data through the S3 API, you can work with your data using the broad range of AI, ML, and analytics services that work with data in S3. For example, I built an Amazon Bedrock Knowledge Base using PDFs containing airline customer service information from my travel support application repository, WhatsApp-Powered RAG Travel Support Agent: Elevating Customer Experience with PostgreSQL Knowledge Retrieval, as the data source.

To create the Amazon Bedrock Knowledge Base, I followed the connection steps in Connect to Amazon S3 for your knowledge base user guide. I chose Amazon S3 as the data source, entered my S3 access point alias as the S3 source, then configured and created the knowledge base.

Once the knowledge base is synchronized, I can see all documents and the Document source as S3.

Finally, I ran queries against the knowledge base and verified that it successfully used the file data from my Amazon FSx for OpenZFS file system to provide contextual answers, demonstrating seamless integration without data movement.

Things to know
Integration and access control – Amazon S3 Access Points for Amazon FSx for OpenZFS file systems support standard S3 API operations (such as GetObject, ListObjectsV2, PutObject) through the S3 endpoint, with granular access controls through AWS Identity and Access Management (IAM) permissions and file system user authentication. Your S3 Access Point includes an automatically generated access point alias for data access using S3 bucket names, and public access is blocked by default for Amazon FSx resources.

Data management – Your data stays in your Amazon FSx for OpenZFS file system while becoming accessible as if it were in Amazon S3, eliminating the need for data movement or copies, with file data remaining accessible through NFS file protocols.

Performance – Amazon S3 Access Points for Amazon FSx for OpenZFS file systems deliver first-byte latency in the tens of milliseconds range, consistent with S3 bucket access. Performance scales with your Amazon FSx file system’s provisioned throughput, with maximum throughput determined by your underlying FSx file system configuration.

Pricing – You’re billed by Amazon S3 for the requests and data transfer costs through your S3 Access Point, in addition to your standard Amazon FSx charges. Learn more on the Amazon FSx for OpenZFS pricing page.

You can get started today using the Amazon FSx console, AWS CLI, or AWS SDK to attach Amazon S3 Access Points to your Amazon FSx for OpenZFS file systems. The feature is available in the following AWS Regions: US East (N. Virginia, Ohio), US West (Oregon), Europe (Frankfurt, Ireland, Stockholm), and Asia Pacific (Hong Kong, Singapore, Sydney, Tokyo).

— Eli

from AWS News Blog https://ift.tt/ATkEz0q

Rubrik acquires AI startup Predibase to boost agentic AI offerings 

Data management company Rubrik announced plans Wednesday to acquire artificial intelligence startup Predibase, a move aimed at accelerating the adoption of agentic AI in enterprise settings and pushing efficient AI deployments from pilot programs into full production.

The terms of the deal were not made public, but sources familiar with the situation told CNBC the sale price may range from $100 million to $500 million. Predibase, which was founded in 2021 by former Google and Uber employees, has received over $28 million in funding.

Rubrik, which went public last year, is known for enterprise data protection and recovery services. The company has reported over $1 billion in annualized revenue and a significant increase in value since its initial public offering. Rubrik’s acquisition of Predibase represents its most substantial step yet toward integrating more advanced AI tools with its existing offerings.

Predibase’s platform allows organizations to fine-tune open-source AI models for specific business use cases, and to operate at production scale without massive infrastructure expenses. The company’s technology stack features a proprietary post-training customization toolkit and an open-source system known as LoRA eXchange for personalized model deployment.

For Rubrik, leveraging Predibase’s technology opens pathways to deliver “radical simplicity” in AI models and data management, according to company executives. The deal aims to address persistent industry bottlenecks such as high infrastructure costs, limited model accuracy, data governance hurdles, and slow transitions from pilot to production.

Rubrik’s acquisition aligns with broader efforts across the AI and cloud industry to streamline and secure the deployment of generative AI applications. The move complements its existing collaborations with Amazon Bedrock, Azure OpenAI, and Google Agentspace.

Predibase counts enterprises such as Checkr, Marsh McLennan, and Qualcomm among its clients. 

from CyberScoop https://ift.tt/cjECXWo

Stealth China-linked ORB network gaining footholds in US, East Asia

A recently discovered operational relay box (ORB) network controlled by a China-linked threat group already exceeds 1,000 devices and is growing across the United States and East Asia, SecurityScorecard said in a threat report released Monday. 

The ORB network, which SecurityScorecard dubbed “LapDogs,” is primarily composed of routers designed for small or home offices but also includes infected IoT devices, virtual servers and IP cameras. 

Earliest nodes detected by researchers date back to September 2023 and the network has gradually grown since, infecting no more than 60 devices at a time, indicating a highly targeted operation focused on specific locations. Researchers have identified 162 distinct intrusion sets, and more devices are added to the ORB with each intrusion campaign. 

“The expansion rate of LapDogs is going up,” Gilad Maizles, security researcher at SecurityScorecard, said in an email. “Campaigns become more frequent, and with greater yield in numbers, which ultimately leads to more devices added than removed from the network.”

More than one-third of the infections are located in the United States, followed by Japan, South Korea, Taiwan and Hong Kong. Active infections span devices and services from Ruckus Wireless, Asus, Buffalo Technology, Cisco-Linksys, D-Link, Microsoft, Panasonic and Synology. More than half of the compromised devices are Ruckus Wireless access points, according to SecurityScorecard.

“Post-infection activity from this network is still unclear,” Maizles said. “Some ORBs used by China-Nexus actors are shared infrastructure and can host and facilitate more than one intrusion set at once. This makes questions regarding APT motivations, TTPs and post-infection activities much harder to answer. This also ultimately demonstrates how harmful and dangerous ORBs are as an emerging threat within the China-Nexus APT landscape.”

ORB networks are more complicated than botnets and give the threat groups that control them greater stealth, a capability typically used for espionage.

Botnets are similar in that they also ride on a large set of internet-facing devices or virtual services, but “ORB networks are more like Swiss Army knives, and can contribute to any stage of the intrusion lifecycle,” SecurityScorecard researchers said in the report. This includes reconnaissance, anonymized browsing, network traffic data collection for port and vulnerability scanning, node reconfiguration and relaying stolen data upstream. 

Mandiant Intelligence previously chronicled China state-sponsored threat groups’ growing use of ORB networks as a low-effort exercise designed to “create a constantly evolving mesh network that can be used to conceal espionage operations.” 

ORB networks chip away at the notion of attacker-controlled architecture, and because they cycle through network infrastructure on a monthly basis, Mandiant researchers warn that the elimination of indicators of compromise is accelerating. These operational characteristics of ORB networks make it harder for threat researchers to spot and attribute unusual activity on infected nodes.

The number of devices infected by LapDogs is smaller than other ORBs, but that is likely due to a deliberate decision by the threat group operating the ORB, Maizles said. 

“We speculate that it is an attempt to keep the ORB under the radar and successfully so for the past two years,” he said. “LapDogs could be utilized for long-term, covert and localized operations, which can carry much greater impact on any given organization, rather than widespread infections.”

from CyberScoop https://ift.tt/wKkRCds