From Third-Party Vendors to U.S. Tariffs: The New Cyber Risks Facing Supply Chains

Introduction
Cyber threats targeting supply chains have become a growing concern for businesses across industries. As companies continue to expand their reliance on third-party vendors, cloud-based services, and global logistics networks, cybercriminals are exploiting vulnerabilities within these interconnected systems to launch attacks. By first infiltrating a third-party vendor with undetected

from The Hacker News https://ift.tt/kwaRgPn
via IFTTT

Chinese espionage group leans on open-source tools to mask intrusions

A Chinese state-sponsored hacking group has been observed using recently released open-source offensive security tools and other tactics in an effort to blend in with more common cybercriminal activity.

The group, UNC5174, is an espionage-minded hacking group that is believed to have ties to the Chinese government and targets Western governments, technology companies, research institutions and think tanks.

In a new campaign observed by researchers at Sysdig, the group was seen using VShell — an open-source Remote Access Trojan made by a Chinese developer and popular among Chinese cybercriminals — to carry out post-exploitation activity.

They were also spotted using WebSockets — a set of open-source communication protocols — to communicate with command-and-control infrastructure, masking much of their malicious traffic through encrypted transmissions.

This was apparently effective, as Sysdig threat research engineer Alessandra Rizzo noted that “our runtime capture confirms that, except for a few random words, we found nothing of note in the network traffic once the connection was upgraded to a WebSocket.”

The observed behavior aligns with a broader trend researchers are seeing, with more advanced and state-sponsored threat actors forgoing bespoke tooling in favor of open-source or cheaper tools used by “script kiddies,” or less technically skilled cybercriminals.

This approach “seems to hold especially true for this particular threat actor, who has been under the radar for the last year since being affiliated with the Chinese government,” Rizzo wrote. It’s also notable because “nearly all” of UNC5174’s tooling observed until the past year had been custom-built and “not easily-copied.”

UNC5174 was seen using both VShell and WebSockets as recently as January, even as the group continued to rely on custom malware for post-exploitation while targeting Linux-based systems.

Indeed, one of the calling cards of UNC5174 is the use of SNOWLIGHT, a malware family first identified by researchers at Mandiant that acts in tandem with VShell to deploy fileless malware on victim systems.

In this latest campaign, the actors use a payload called “dnsloger” that is part of the SNOWLIGHT family. They took actions that reflected in-depth knowledge of Linux-based operating systems, including methods for maintaining persistence, defensive evasion, and injection techniques.

It’s not clear how UNC5174 is obtaining initial access to victim systems, but included among the artifacts discovered by Sysdig researchers are a number of command-and-control domains that suggest that typosquatted website domains and phishing tactics were used.

The findings align with other recently reported activity around UNC5174.

In 2024, the French Cybersecurity Agency ANSSI observed an attacker using the same tactics, techniques and procedures as UNC5174’s exploitation of vulnerabilities in Ivanti’s Cloud Service Appliance product, giving them remote code execution privileges on infected machines. That attack included the use of a zero-day flaw (CVE-2024-8190) days before Ivanti published a security advisory.

But further investigation of infected victims by the agency found that the group had used a “common intrusion set” to gain initial access, and suggested that UNC5174 may have been selling its access to the highest bidder.

“Moderately sophisticated and discreet, this intrusion set is characterised by the use of intrusion tools largely available as open source and by the — already publicly reported — use of a rootkit code,” the agency wrote. “Post-exploitation activities do nevertheless differ from one incident to the next, which supports the hypothesis of an intrusion set being used as a means to secure initial access points, to then be sold off or entrusted to other operators.”

Rizzo wrote that UNC5174’s use of open-source tools like VShell and WebSockets has likely helped the group mask its presence in other, yet-to-be-discovered campaigns.

“The lack of public documentation on VShell being employed by this threat actor is telling, as the evidence we have gathered shows that this campaign has been active since at least November 2024,” Rizzo noted.

The post Chinese espionage group leans on open-source tools to mask intrusions appeared first on CyberScoop.

from CyberScoop https://ift.tt/9zQhnUL

AWS Weekly Review: Amazon S3 Express One Zone price cuts, Pixtral Large on Amazon Bedrock, Amazon Nova Sonic, and more (April 14, 2025)

The Amazon Web Services (AWS) Summit 2025 season launched this week, starting with the Paris Summit. These free events bring together the global cloud computing community for learning and collaboration. AWS Community Day Romania, held on April 11th, showcased how the local community creates opportunities for collective growth and inclusion.

Last week’s launches
Announcing up to 85% price reductions for Amazon S3 Express One Zone — S3 Express One Zone, a high-performance storage class, now has reduced storage prices by 31 percent, PUT request prices by 55 percent, and GET request prices by 85 percent. In addition, S3 Express One Zone has reduced the per-GB charges for data uploads and retrievals by 60 percent. These charges now apply to all bytes transferred rather than just portions of requests greater than 512 KB.

Here is a price reduction table in the US East (N. Virginia) AWS Region:

| Price | Previous | New | Price reduction |
|---|---|---|---|
| Storage (per GB-Month) | $0.16 | $0.11 | 31% |
| Writes (PUT requests) | $0.0025 per 1,000 requests up to 512 KB | $0.00113 per 1,000 requests | 55% |
| Reads (GET requests) | $0.0002 per 1,000 requests up to 512 KB | $0.00003 per 1,000 requests | 85% |
| Data upload (per GB) | $0.008 | $0.0032 | 60% |
| Data retrievals (per GB) | $0.0015 | $0.0006 | 60% |

AWS announces Pixtral Large 25.02 model in Amazon Bedrock serverless — The Pixtral Large 25.02, developed by Mistral AI, combines advanced vision and language understanding, boasting a 128K context window and multilingual capabilities. This agent-centric design simplifies integration with existing systems. Prompt adherence improves reliability when working with Retrieval Augmented Generation (RAG) applications and large context scenarios.

Introducing Amazon Nova Sonic: Human-like voice conversations for generative AI applications — Amazon Nova Sonic, the newest addition to the Amazon Nova family of foundation models (FMs), is available in Amazon Bedrock to create human-like voice conversations for applications. It unifies speech and text processing into one model, reducing complexity and enhancing natural interactions. Start today with the Amazon Nova model cookbook repository.

Amazon Bedrock Guardrails enhances generative AI application safety with new capabilities — Amazon Bedrock Guardrails introduces new capabilities to enhance generative AI application safety, including multimodal toxicity detection, enhanced Personally Identifiable Information (PII) protection, AWS Identity and Access Management (AWS IAM) policy enforcement, selective guardrail application, and monitor mode for pre-deployment analysis.

AWS App Studio introduces a prebuilt solutions catalog and cross-instance Import and Export — This is a prebuilt solutions catalog with ready-to-use applications and patterns and cross-instance Import and Export functionality. These features help you streamline application development, reducing setup time to under 15 minutes. Learn more about this in the AWS App Studio introduces a prebuilt solutions catalog and cross-instance Import and Export blog post.

Amazon Nova Reel 1.1: Featuring up to 2-minutes multi-shot videos — Amazon Nova Reel 1.1 enhances video generation through Amazon Bedrock with support for 2-minute multi-shot videos. You can now create content using either single prompts for automatic generation or custom prompts for individual shots, offering flexible options for marketing and social media content creation.

AWS IAM Identity Center now offers improved error messages and AWS CloudTrail logging for provisioning issues — AWS Identity and Access Management (IAM) Identity Center has enhanced its service with improved error messages and AWS CloudTrail logging capabilities. These updates help users better troubleshoot synchronization issues when managing workforce identities across AWS accounts and applications, while enabling automated monitoring and auditing of provisioning problems.

AWS WAF Console adds new top insights visualizations in additional regions — AWS WAF Console now offers enhanced traffic visualization features in AWS GovCloud (US) Regions. The all traffic dashboard includes new top insights based on Amazon CloudWatch logs, helping customers analyze traffic patterns, identify security threats, and optimize WAF configurations through detailed metrics.

AWS Step Functions expands data source and output options for Distributed Map — AWS Step Functions enhances Distributed Map with expanded data source support, including JSONL and various delimited file formats from Amazon Simple Storage Service (Amazon S3). The update also adds new output transformation options, enabling more flexible parallel processing workflows and better integration with downstream systems.

Amazon CloudWatch now provides lock contention diagnostics for Aurora PostgreSQL — Amazon CloudWatch Database Insights introduces lock contention diagnostics for Amazon Aurora PostgreSQL in Advanced mode. The feature visualizes blocking and waiting sessions, helping users identify root causes of lock contention issues, with 15-month historical data retention for comprehensive troubleshooting.

Stay up to date with all AWS announcements on the What’s New with AWS? page.

Other AWS blog posts
Reduce ML training costs with Amazon SageMaker HyperPod — Amazon SageMaker HyperPod addresses hardware failures in large-scale Machine Learning (ML) model training by automatically detecting and replacing faulty instances. The solution reduces downtime from 280 to 40 minutes per failure, potentially saving 32% of training time for large clusters. For a 10-million GPU-hour training job, this translates to $25.6M in cost savings.

Model customization, RAG, or both: A case study with Amazon Nova — A study comparing model customization with fine-tuning and Retrieval Augmented Generation (RAG) approaches with Amazon Nova models. Key findings show combining both methods yields best results: RAG works well for dynamic data and domain insights, while fine-tuning excels in specialized tasks and latency reduction.

Generate user-personalized communication with Amazon Personalize and Amazon Bedrock — Amazon Personalize and Amazon Bedrock work together to create personalized marketing emails. Learn how to create personalized user communications by combining Amazon Personalize for movie recommendations with Amazon Bedrock for generating tailored email content based on user preferences and demographics.

Implement human-in-the-loop confirmation with Amazon Bedrock Agents — When implementing human validation in Amazon Bedrock Agents, developers have two primary frameworks at their disposal: user confirmation and return of control (ROC). Using an HR application example, user confirmation allows simple yes/no validation before executing actions, while ROC enables users to modify parameters before execution.

Multi-LLM routing strategies for generative AI applications on AWS — Learn how to implement multi-Large Language Model (LLM) routing strategies for AWS generative AI applications using static routing, dynamic routing with Amazon Bedrock, or custom solutions for optimal model selection and cost efficiency.

Here are my personal favorite posts from community.aws:

Building a RAG System for Video Content Search and Analysis — In this blog, I’ll show you how to build a RAG system that makes video content searchable and analyzable. Unlocking video content has never been more crucial in today’s digital landscape. Whether you’re managing educational materials, corporate training, or entertainment content, the ability to search and analyze video content efficiently can transform how we interact with multimedia resources.

Build Serverless GenAI Apps Faster with Amazon Q Developer CLI Agent — Amazon Q Developer CLI Agent enables rapid serverless GenAI app development. With one prompt, it generates infrastructure code, Lambda functions, and integrates with Claude 3 Haiku on Amazon Bedrock.

Speech-to-Speech AI: From Dr. Sbaitso to Amazon Nova Sonic — The evolution of speech-to-speech AI, from Dr. Sbaitso (1990s) to Amazon Nova Sonic. New AWS service enables real-time bidirectional conversations through Amazon Bedrock for more natural applications.

Setup Model Context Protocol (MCP) using Amazon Bedrock — A guide to setting up Model Context Protocol (MCP) desktop client with Amazon Bedrock models, enabling seamless integration between AI applications and external tools using Goose client.

Upcoming AWS events
Check your calendars and sign up for these upcoming AWS events:

AWS GenAI Lofts — GenAI Lofts, available around the world, offer collaborative spaces and immersive experiences for startups and developers. You can join in-person GenAI Loft San Francisco events such as GenAI in EdTech: A Hands-On Workshop (April 15), and Unstructured Data Meetup SF (April 16). Find your nearest event at GenAI Lofts.

AWS Summits — Join free online and in-person events that bring the cloud computing community together to connect, collaborate, and learn about AWS. Register in your nearest city: Amsterdam (April 16), London (April 30), and Poland (May 5).

AWS re:Inforce — AWS re:Inforce (June 16–18) in Philadelphia, PA, is our annual learning event devoted to all things AWS cloud security. Registration is open. Be ready to join more than 5,000 security builders and leaders.

AWS Community Days — Join community-led conferences featuring technical discussions, workshops, and hands-on labs driven by expert AWS users and industry leaders from around the world. Upcoming AWS Community Days are scheduled for April 19 in Turkey, and on April 29 in Prague with Jeff Barr as Opening Keynote Speaker.

You can browse all upcoming in-person and virtual events.

Create your AWS Builder ID and reserve your alias. Builder ID is a universal login credential that gives you access—beyond the AWS Management Console—to AWS tools and resources, including over 600 free training courses, community features, and developer tools such as Amazon Q Developer.

That’s all for this week. Stay tuned for next week’s Weekly Roundup!

Eli

Thanks to Andra Somesan for the AWS Community Romania photo and Thembile Martis for the AWS Paris Summit photo.

This post is part of our Weekly Roundup series. Check back each week for a quick roundup of interesting news and announcements from AWS!



from AWS News Blog https://ift.tt/qrPUM8s

Announcing up to 85% price reductions for Amazon S3 Express One Zone

At re:Invent 2023, we introduced Amazon S3 Express One Zone, a high-performance, single-Availability Zone (AZ) storage class purpose-built to deliver consistent single-digit millisecond data access for your most frequently accessed data and latency-sensitive applications.

S3 Express One Zone delivers data access speed up to 10 times faster than S3 Standard, and it can support up to 2 million GET transactions per second (TPS) and up to 200,000 PUT TPS per directory bucket. This makes it ideal for performance-intensive workloads such as interactive data analytics, data streaming, media rendering and transcoding, high performance computing (HPC), and AI/ML training. Using S3 Express One Zone, customers like Fundrise, Aura, Lyrebird, Vivian Health, and Fetch improved the performance and reduced the costs of their data-intensive workloads.

Since launch, we’ve introduced a number of features for our customers using S3 Express One Zone. For example, S3 Express One Zone started to support object expiration using S3 Lifecycle to expire objects based on age to help you automatically optimize storage costs. In addition, your log-processing or media-broadcasting applications can directly append new data to the end of existing objects and then immediately read the object, all within S3 Express One Zone.

Today we’re announcing that, effective April 10, 2025, S3 Express One Zone has reduced storage prices by 31 percent, PUT request prices by 55 percent, and GET request prices by 85 percent. In addition, S3 Express One Zone has reduced the per-GB charges for data uploads and retrievals by 60 percent, and these charges now apply to all bytes transferred rather than just portions of requests greater than 512 KB.

Here is a price reduction table in the US East (N. Virginia) Region:

| Price | Previous | New | Price reduction |
|---|---|---|---|
| Storage (per GB-Month) | $0.16 | $0.10 | 31% |
| Writes (PUT requests) | $0.0025 per 1,000 requests up to 512 KB | $0.00113 per 1,000 requests | 55% |
| Reads (GET requests) | $0.0002 per 1,000 requests up to 512 KB | $0.00003 per 1,000 requests | 85% |
| Data upload (per GB) | $0.008 | $0.0032 | 60% |
| Data retrievals (per GB) | $0.0015 | $0.0006 | 60% |

For S3 Express One Zone pricing examples, go to the S3 billing FAQs or use the AWS Pricing Calculator.

These pricing reductions apply to S3 Express One Zone in all AWS Regions where the storage class is available: US East (N. Virginia), US East (Ohio), US West (Oregon), Asia Pacific (Mumbai), Asia Pacific (Tokyo), Europe (Ireland), and Europe (Stockholm) Regions. To learn more, visit the Amazon S3 pricing page and S3 Express One Zone in the AWS Documentation.

Give S3 Express One Zone a try in the S3 console today and send feedback to AWS re:Post for Amazon S3 or through your usual AWS Support contacts.

Channy

from AWS News Blog https://ift.tt/8mze4fs