UK arrests four for cyberattacks on major British retailers

Three teenagers and a 20-year-old woman were arrested Thursday by the U.K.’s National Crime Agency for their alleged role in cyberattacks on major retailers Marks & Spencer (M&S), Co-op, and Harrods.

The arrests of British and Latvian nationals followed sustained investigations into attacks that crippled the retailers’ operations. The NCA’s National Cyber Crime Unit detained all four at their homes and seized their electronic devices.

“Since these attacks took place, specialist NCA cybercrime investigators have been working at pace and the investigation remains one of the Agency’s highest priorities,” Deputy Director Paul Foster, head of the NCA’s National Cyber Crime Unit, said in a statement. “Today’s arrests are a significant step in that investigation but our work continues, alongside partners in the U.K. and overseas, to ensure those responsible are identified and brought to justice.”

The particular incidents that led to these arrests occurred in April, with attackers crippling the online services of Marks & Spencer, a popular retailer in the U.K. The company’s online sales channels were halted, contactless payments and click-and-collect options were disrupted, and in-store product availability suffered. The attack also resulted in the theft of customer information, including names, email addresses, and postal data. Recovery efforts began in June, with the retailer eventually restoring sections of its online business across the U.K.

Industry experts and law enforcement agencies in several countries have attributed the attacks to a cybercriminal group known as Scattered Spider. The loose-knit collective has infiltrated more than 100 businesses since 2022, hitting organizations in hospitality and gaming, manufacturing, technology and cloud services, telecommunications, retail, food production, insurance and financial services, media, apparel, business process outsourcing, health care, transportation and aviation, according to researchers.

The group is allegedly also behind cyberattacks on several U.S.-based insurance companies, United Natural Foods, and aviation companies WestJet and Hawaiian Airlines.

The group is an offshoot of The Com, a much larger grassroots network of more than 1,000 people responsible for a vast catalog of crimes, including social engineering, crypto theft, phishing, SIM swapping, extortion, sextortion, swatting, kidnapping and murder. 

All four arrested are being held on suspicion of violating the U.K.’s Computer Misuse Act, blackmail, money laundering and participating in the activities of an organized crime group.

The post UK arrests four for cyberattacks on major British retailers appeared first on CyberScoop.


New Amazon EC2 P6e-GB200 UltraServers accelerated by NVIDIA Grace Blackwell GPUs for the highest AI performance

Today, we’re announcing the general availability of Amazon Elastic Compute Cloud (Amazon EC2) P6e-GB200 UltraServers, accelerated by NVIDIA GB200 NVL72 to offer the highest GPU performance for AI training and inference. Amazon EC2 UltraServers connect multiple EC2 instances using a dedicated, high-bandwidth, and low-latency accelerator interconnect across these instances.

The NVIDIA Grace Blackwell Superchips connect two high-performance NVIDIA Blackwell tensor core GPUs and an NVIDIA Grace CPU based on Arm architecture using the NVIDIA NVLink-C2C interconnect. Each Grace Blackwell Superchip delivers 10 petaflops of FP8 compute (without sparsity) and up to 372 GB HBM3e memory. With the superchip architecture, GPU and CPU are colocated within one compute module, increasing bandwidth between GPU and CPU significantly compared to current generation EC2 P5en instances.

With EC2 P6e-GB200 UltraServers, you can access up to 72 NVIDIA Blackwell GPUs within one NVLink domain to use 360 petaflops of FP8 compute (without sparsity) and 13.4 TB of total high bandwidth memory (HBM3e). Powered by the AWS Nitro System, P6e-GB200 UltraServers are deployed in EC2 UltraClusters to securely and reliably scale to tens of thousands of GPUs.

EC2 P6e-GB200 UltraServers deliver up to 28.8 Tbps of total Elastic Fabric Adapter (EFAv4) networking. EFA is also coupled with NVIDIA GPUDirect RDMA to enable low-latency GPU-to-GPU communication between servers with operating system bypass.

EC2 P6e-GB200 UltraServers specifications
EC2 P6e-GB200 UltraServers are available in sizes ranging from 36 to 72 GPUs under NVLink. Here are the specs for EC2 P6e-GB200 UltraServers:

| UltraServer type | GPUs | GPU memory (GB) | vCPUs | Instance memory (GiB) | Instance storage (TB) | Aggregate EFA Network Bandwidth (Gbps) | EBS bandwidth (Gbps) |
|---|---|---|---|---|---|---|---|
| u-p6e-gb200x36 | 36 | 6660 | 1296 | 8640 | 202.5 | 14400 | 540 |
| u-p6e-gb200x72 | 72 | 13320 | 2592 | 17280 | 405 | 28800 | 1080 |

P6e-GB200 UltraServers are ideal for the most compute and memory intensive AI workloads, such as training and inference of frontier models, including mixture of experts models and reasoning models, at the trillion-parameter scale.

You can build agentic and generative AI applications, including question answering, code generation, video and image generation, speech recognition, and more.

P6e-GB200 UltraServers in action
You can use EC2 P6e-GB200 UltraServers in the Dallas Local Zone through EC2 Capacity Blocks for ML. The Dallas Local Zone (us-east-1-dfw-2a) is an extension of the US East (N. Virginia) Region.

To reserve your EC2 Capacity Blocks, choose Capacity Reservations on the Amazon EC2 console. You can select Purchase Capacity Blocks for ML and then choose your total capacity and specify how long you need the EC2 Capacity Block for u-p6e-gb200x36 or u-p6e-gb200x72 UltraServers.

Once the Capacity Block is successfully scheduled, it is charged up front and its price doesn’t change after purchase. The payment will be billed to your account within 12 hours after you purchase the EC2 Capacity Blocks. To learn more, visit Capacity Blocks for ML in the Amazon EC2 User Guide.

To run instances within your purchased Capacity Block, you can use the AWS Management Console, AWS Command Line Interface (AWS CLI) or AWS SDKs. On the software side, you can start with the AWS Deep Learning AMIs. These images are preconfigured with the frameworks and tools that you probably already know and use: PyTorch, JAX, and a lot more.

You can also integrate EC2 P6e-GB200 UltraServers seamlessly with various AWS managed services. For example:

  • Amazon SageMaker HyperPod provides managed, resilient infrastructure that automatically handles the provisioning and management of P6e-GB200 UltraServers, replacing faulty instances with preconfigured spare capacity within the same NVLink domain to maintain performance.
  • Amazon Elastic Kubernetes Service (Amazon EKS) allows one managed node group to span across multiple P6e-GB200 UltraServers as nodes, automating their provisioning and lifecycle management within Kubernetes clusters. You can use EKS topology-aware routing for P6e-GB200 UltraServers, enabling optimal placement of tightly coupled components of distributed workloads within a single UltraServer’s NVLink-connected instances.
  • Amazon FSx for Lustre file systems provide data access for P6e-GB200 UltraServers at the hundreds of GB/s of throughput and millions of input/output operations per second (IOPS) required for large-scale HPC and AI workloads. For fast access to large datasets, you can use up to 405 TB of local NVMe SSD storage or virtually unlimited cost-effective storage with Amazon Simple Storage Service (Amazon S3).

Now available
Amazon EC2 P6e-GB200 UltraServers are available today in the Dallas Local Zone (us-east-1-dfw-2a) through EC2 Capacity Blocks for ML. For more information, visit the Amazon EC2 pricing page.

Give Amazon EC2 P6e-GB200 UltraServers a try in the Amazon EC2 console. To learn more, visit the Amazon EC2 P6e instances page and send feedback to AWS re:Post for EC2 or through your usual AWS Support contacts.

Channy

from AWS News Blog https://ift.tt/g2J6bkL

Introducing AWS Builder Center: A new home for the AWS builder community

We really love builders at AWS. We’re constantly thinking of new ways to help technical communities thrive and create spaces like AWS Developer Center and community.aws where people can connect and share their knowledge and experiences.

Today, we’re announcing AWS Builder Center, a new home for builders to access all builder resources, engage with the AWS community, and provide feedback or product suggestions to AWS product teams. This new experience also integrates the previous AWS Developer Center and community.aws.

There are a variety of exciting features so let us discover some of them.

Your voice matters: Introducing Wishlist
One of the most exciting new features, in my opinion, is Wishlist. You can now submit your wishes for new features or improvements you’d like to see in AWS services. Others can discover and vote on these wishes while also creating their own.

You can influence product roadmap collectively as a community and help us shape the future of AWS services. You can share ideas, suggestions, feature proposals, or challenges while operating AWS services, with the ability for the AWS community to upvote ideas and highlight the most sought-after improvements. Our internal teams will keep an eye on these and bring the most popular wishes to the attention of our service teams, making your voice an integral part of our product development process.

Connect people in the AWS community
On the Connect page, you’ll find many opportunities to connect directly with AWS Heroes and AWS Community Builders. You can explore and join AWS User Groups and AWS Cloud Clubs near your cities around the world.

On top of that, you can bookmark this page as your centralized hub for finding upcoming community events, making it easy to find opportunities to learn and network in your local area and meet like-minded builders who share your interests.

Speaking of following people, AWS Builder Center makes it really straightforward to connect and engage with others, serving as the central hub for the AWS technical community. It brings together all the different ways that you can connect with fellow builders. For example, the Who to Follow section introduces you to AWS Heroes, Community Builders, and active community members who are sharing their knowledge and expertise in your areas of interest.

Explore our AWS hands-on resources
On the Build page, you’ll discover ways to get familiar with AWS through hands-on experience, including interactive learning resources designed for every skill level such as AWS Tutorials and AWS Workshops. You can explore the generative AI and agentic AI services playground and find the AWS Free Tier to try out AWS services free of charge up to specified limits for each service.

Choose the Toolbox page and discover the latest tools, programming language resources, and Open Source projects for AWS. The Toolbox has everything you need to get your project scaffolded and up and running.

To improve the build experience for builders, we plan to expand Builder Center’s built-in offerings with dedicated groups and forums for collaborating on a particular topic, workshops for hands-on labs, and various service playgrounds where builders can freely experiment with AWS services.

Supporting your builder journey
The new Learn section serves as your gateway to skill development, bringing together everything you need to expand your AWS expertise. Here, you can explore learning and training resources, workshops, gamified experiences, and more to make your journey of building on AWS both educational and engaging.

Choose the Topics page, where you can explore and discover more content. You can explore content by topics and tags. There is a featured and trending topics section that helps you to stay connected with what’s capturing the community’s attention right now.

Built-in localization for your spoken language
AWS Builder Center breaks down language barriers with comprehensive localization support. All content published in the Builder Center is automatically available in 16 languages, and user-generated content, such as posts, comments, or wishes, can be machine-translated on demand using Translate. So, you can collaborate with builders worldwide, sharing knowledge and experiences across language boundaries.

By default, all content will be displayed based on the language that your browser is set to. However, you can override this by visiting the settings page and choosing the language that you want AWS Builder Center to use by default.

Sign up and build your profile now
AWS Builder Center gives you a more personalized and comprehensive way to showcase your AWS journey. Your unique profile comes with a custom URL and shareable QR code, making it straightforward to connect with others and share your presence in the AWS community.

All your posts, wishes, and meaningful interactions are organized within a centralized view so you can easily check them. In the Manage profile page, you can customize your profile, add specific interests and areas of expertise, helping you connect with builders who share your passions. Profile management is seamless: it synchronizes across all AWS services using AWS Builder ID, ensuring your identity remains consistent wherever you engage with AWS offerings.

Visit builder.aws.com, sign up with AWS Builder ID, and claim your unique alias to access all features, including content creation, Wishlist, and community engagement tools.

AWS Builder Center was designed to help you connect, learn, and build with fellow AWS builders, so enjoy your journey together!

Channy
Matheus Guimaraes | @codingmatheus

from AWS News Blog https://ift.tt/ePaToBs

Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework

Applications are a common intrusion point, but the way attackers gain access, maneuver and create mayhem within and across applications doesn’t always neatly fit into MITRE’s ATT&CK framework.

The team at Oligo Security is releasing a new framework it calls Application Attack Matrix to complement areas of MITRE’s framework that it describes as too broad, filling gaps to help defenders and organizations better understand and define how attackers use applications and the actions they’re taking, often under disguise.

“Most of the approaches that we know today are focused on the post-exploit technique, and on the infrastructure and endpoint,” Gal Elbaz, Oligo Security’s co-founder and CTO, told CyberScoop. This, he said, is akin to addressing the symptom of an attack without understanding the root cause of how attackers broke in.

The effort, which has grown and built on support from threat intelligence and enterprise security leaders — and from MITRE itself — addresses every tactic in the MITRE ATT&CK framework pertaining to the application attack lifecycle: pre-intrusion, intrusion, post-intrusion and impact. “Each and every layer of those tactics are being utilized by techniques that are happening on the app layer,” Elbaz said.

The Application Attack Matrix addresses what occurred at the app level, distinguishing between an exploited vulnerability, bypassed control, login without a credential, or a supply-chain compromise via software or software development tools.

It also distinguishes exactly how exploitation occurs, broadening the category of remote code execution to include specific tactics such as command injection of an arbitrary file, lightweight directory access protocol injection, XML injection or a SQL injection.

In the most equivalent MITRE technique, the containers matrix, “nothing talks about what’s happening inside the container, whether it was the application layer that was compromised by maybe a Python package, or Java, or Go, or node, or just the ability to understand the act of the intrusion,” Elbaz said. 

In MITRE, the exploit of a public-facing application — a common technique for initial access — is broad, encompassing about 65 different types of attacks, he said. 

Avi Lumelsky, AI security researcher at Oligo Security, said the Application Attack Matrix breaks down these dozens of attacks that are grouped under the exploitation of a public-facing application technique into real-world scenarios.

“MITRE also covers those, but we tried to break it down into more specific sub-techniques and techniques that are very, very specific to applications, no matter where they run,” Lumelsky said. “We are focusing on cloud applications, but we don’t care what is the cloud provider, whether it’s a container or not, whether it’s a regular machine or Kubernetes. To us, an application is an application.”

The knowledge base that Oligo Security plans to release as open source on GitHub includes a framework and taxonomy for categorizing and exchanging information about application-layer threats and steps for mitigation. Leaders of the Tel Aviv, Israel-based company, which was founded in 2022, assert this conjunctive framework is required to understand how attackers circumvent cybersecurity systems, exploit application vulnerabilities and security blind spots in web, mobile and microservice environments. 

“Our new matrix, this new approach, focuses on the application level, which is exactly the kind of attacks that have been spotted in the wild,” Elbaz said. Some of the most devastating attacks, such as Log4Shell, MOVEit and SolarWinds, were carried out inside application contexts, he added. 

“We cannot monitor what’s happening inside the application, and this became the biggest blind spot for attackers, and their ability to really stay invisible and undetected by other security tools,” Elbaz said. “The Application Attack Matrix is the first dedicated framework for real world application attacking techniques.”

The Application Attack Matrix is a community effort that Oligo Security envisions as an ongoing project with industrywide support. “It’s everybody’s problem,” Lumelsky said. “I think everybody understands it, and we welcome everybody to contribute.”

The post Oligo Security strives to fill application-layer gaps in MITRE ATT&CK framework appeared first on CyberScoop.
