OpenAI plans to Shift Compute Needs from Microsoft to SoftBank

Softbank & OpenAI

OpenAI is forecasting a major shift in the next five years around who it gets most of its computing power from, The Information reported on Friday.

By 2030, OpenAI expects to get three-quarters of its data center capacity from Stargate, a project that’s expected to be heavily financed by SoftBank, one of OpenAI’s newest financial backers. That represents a major shift away from Microsoft, OpenAI’s biggest shareholder, which fulfills most of the startup’s compute needs today.

The change won’t happen overnight. OpenAI still plans to increase its spending on Microsoft-owned data centers in the next few years.

During that time, OpenAI’s overall costs are set to grow dramatically. The Information reports that OpenAI projects it will burn $20 billion in cash during 2027, far more than the $5 billion it reportedly burned through in 2024. By 2030, OpenAI reportedly forecasts that its costs for running AI models, also known as inference, will outpace what the startup spends on training AI models.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/report-openai-plans-to-shift-compute-needs-from-microsoft-to-softbank/?utm_source=tldrai

DeepSeek to Open Source Parts of Online Services Code

DeepSeek

Chinese AI lab DeepSeek plans to open source portions of its online services’ code as part of an “open source week” event next week.

DeepSeek will open source five code repositories that have been “documented, deployed and battle-tested in production,” the company said in a post on X on Thursday.

Code repositories are storage locations for software development assets, and typically contain source code as well as configuration files and project documentation.

“As part of the open-source community, we believe that every line shared becomes collective momentum that accelerates the journey,” the company wrote. “Daily unlocks are coming soon. No ivory towers — just pure garage-energy and community-driven innovation.”

DeepSeek, which has a history of making its AI models openly available under permissive licenses, has lit a fire under AI incumbents like OpenAI. In recent social media posts, OpenAI CEO Sam Altman admitted DeepSeek has lessened OpenAI’s technological lead, and said that OpenAI would consider open sourcing more of its technology in the future.

SOURCE ARTICLE:

https://techcrunch.com/2025/02/21/deepseek-to-open-source-parts-of-online-services-code/?utm_source=tldrai

SANS Sees Phishers Use Tricky Hyphens in URLs

To a phisher, one tiny hyphen can make a big mark.

SANS Technology Institute Dean of Research Johannes Ullrich alerted users to a “clever” phishing tactic that uses a URL containing a “com-” domain prefix. With that tiny, easy-to-miss hyphen, threat actors can disguise a malicious destination.

Ullrich noted on the SANS site that the phishing tactic was placed into fraudulent messages alerting a user of unpaid tolls. (The FBI warned the public of toll trolls in April 2024, when there were over 2,000 complaints of attacks using fake text messages.)

How the “.com-” tactic works. A legitimate site involving Florida’s toll system (SunPass) would involve a forward slash and look something like: “sunpass.com/tolls.”

In instances discovered by Ullrich and shared on the SANS site, the phisher registers for and receives a domain that begins with “com-,” followed by seemingly random letters, then ending with a top-level domain, like .info, .top, .xyz, and even .com.

To a reader, the phishy URL appears as something like: “sunpass.com-[random letters].top”—a tricky difference to notice when you’re quickly looking on a tiny phone screen and it appears that you owe toll money.

Fraud jobs. URL obfuscation is a favorite tactic of opportunistic threat actors, who register mimicking domains to trick fans of events like the Super Bowl or the Olympics. (Business administration company CSC identified 5,000 unique domain registrations mimicking well-known sportsbooks, between Jan. 1, 2023, and Dec. 24, 2024, for example.)

According to the FTC, government impersonation scammers led to $618 million in losses in 2023, up from $497 million in 2022 and $428 million in 2021.

Dash money. Ullrich told IT Brew that he continues to see “com-” domains registered: 315 on Feb. 11, 428 on Feb. 10, and 269 on Feb 9. (The sites are often short-lived and quickly shut down as fraudulent, he added.)

Many of the questionable domains point to the same IP address, Ullrich said, suggesting one actor is registering and rotating between them.

Ullrich also shared with IT Brew a new twist on the hyphen-ishing trend: A “com.-” domain prefix with a “.com” ending to the URL, and a “case number” in between to convince targeted users that the sender is from an IT support team.

“They can use any prefix for the domain to impersonate arbitrary .com domains,” Ullrich told us in an email.

In his Feb. 5 post, Ullrich advised IT pros to review DNS queries for these kinds of prefixes.
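A small detection pass over DNS query logs for the “com-” prefix described above. This is an added example, not code from the article or from SANS; the log lines are constructed and their “client <ip> query: <qname> IN <type>” layout is an assumed format. Because no public-suffix list is used, every label except the last is checked, which also catches lookalikes under multi-label suffixes such as .co.uk.

```python
import re
from typing import List, Optional, Tuple

# Constructed sample DNS query log lines (not from the article); the
# "client <ip> query: <qname> IN <type>" layout is an assumed format.
SAMPLE_LOG = """\
2025-02-11T10:00:01Z client 10.0.0.5 query: www.sunpass.com IN A
2025-02-11T10:00:04Z client 10.0.0.5 query: sunpass.com-kdjf83.top IN A
2025-02-11T10:00:09Z client 10.0.0.7 query: mail.example.co.uk IN MX
2025-02-11T10:00:12Z client 10.0.0.9 query: ezpass.com-q7x2l.info IN A
2025-02-11T10:00:15Z client 10.0.0.9 query: helpdesk.com-case4821.com IN A
2025-02-11T10:00:20Z client 10.0.0.3 query: command.center.example.net IN A
"""

QUERY_RE = re.compile(r"query:\s+(?P<qname>[A-Za-z0-9.\-]+)\s+IN\s+\w+")


def find_com_dash_label(qname: str) -> Optional[Tuple[str, str]]:
    """Flag a hostname that carries a label starting with 'com-'.

    Every label except the last is checked, so 'sunpass.com-abc.top' and
    'brand.com-abc.co.uk' are both caught.  Returns (impersonated .com
    domain, lookalike domain actually registered) or None.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i, label in enumerate(labels[:-1]):
        if label.startswith("com-"):
            brand = ".".join(labels[:i]) + ".com" if i else "(no brand label)"
            return brand, ".".join(labels[i:])
    return None


def scan_dns_log(lines) -> List[Tuple[str, str, str]]:
    """Return (qname, impersonated domain, lookalike domain) per flagged query."""
    hits = []
    for line in lines:
        m = QUERY_RE.search(line)
        if not m:
            continue
        verdict = find_com_dash_label(m.group("qname"))
        if verdict:
            hits.append((m.group("qname"), verdict[0], verdict[1]))
    return hits


if __name__ == "__main__":
    for qname, brand, lookalike in scan_dns_log(SAMPLE_LOG.splitlines()):
        print(f"{qname}: looks like {brand}, registered as {lookalike}")
```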

SOURCE ARTICLE:

https://www.itbrew.com/stories/2025/02/18/sans-sees-phishers-use-tricky-hyphens-in-urls?mbcid=38663986.101742&mblid=0526c530a3f5&mid=bfeacb7fd34941195bb37df6366acc6f&utm_campaign=itb&utm_medium=newsletter&utm_source=morning_brew

The Art of Linux Kernel Rootkits

1. What is a rootkit?

A rootkit is malware whose main objective and purpose is to maintain persistence within a system, remain completely hidden, hide processes, hide directories, etc., in order to avoid detection.

This makes its detection very complex, and its mitigation even more complex, since one of the main objectives of a rootkit is to remain hidden.

A rootkit changes the system’s default behavior to whatever it wants.

1.1 What is a kernel? Userland and kernel land differences

The kernel is the core of the operating system, responsible for managing system resources and facilitating communication between hardware and software. It operates at the lowest layer of the system. Components that operate in kernel land include the kernel itself, device drivers and kernel modules (which we call Loadable Kernel Modules, or LKMs for short).

On the other hand, the userland or userspace is the layer where user programs and applications are executed. This is the part of the OS that interacts with the user, including browsers, text editors, games, common programs that the user uses, etc.

1.2 What is a system call?

System calls (syscalls) are fundamental in an OS: they allow running processes to request services from the kernel.

These services include operations such as file management, inter-process communication, process creation and management, among others.

A very practical example: if we write a simple hello world in C and analyze it with strace, you will notice that it uses the write syscall (sys_write) to print “Hello, World!”.

root@infect:~# cat hello.c ; ls hello
#include <stdio.h>

int main() {
    printf("Hello, World!\n");
    return 0;
}
hello
root@infect:~# strace ./hello 2>&1 | grep write
write(1, "Hello, World!\n", 14Hello, World!
root@infect:~#
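To make the boundary strace is showing concrete, here is an added example (not from the original post) that sends the same 14-byte string through the raw SYS_write and SYS_read system calls on a pipe, bypassing the libc wrappers, and checks that getpid() and a raw SYS_getpid agree. It assumes a Linux/glibc system where syscall() and the SYS_* constants are available.

```c
#define _GNU_SOURCE
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/syscall.h>

/* Write msg into a pipe with the raw SYS_write syscall, read it back with
 * SYS_read, and return the number of bytes that round-tripped, or -1.
 * This is the same kernel service that strace reports as write(1, ...). */
long roundtrip_via_raw_syscalls(const char *msg, char *out, size_t outlen) {
    int fds[2];
    if (pipe(fds) != 0)
        return -1;
    /* syscall(SYS_write, fd, buf, len) is what libc's write() wraps. */
    long wrote = syscall(SYS_write, fds[1], msg, strlen(msg));
    close(fds[1]);                       /* close the write end first */
    long got = syscall(SYS_read, fds[0], out, outlen - 1);
    close(fds[0]);
    if (wrote < 0 || got < 0)
        return -1;
    out[got] = '\0';
    return got;
}

/* getpid() vs SYS_getpid: one kernel service, two entry points into it. */
int libc_and_raw_getpid_agree(void) {
    return getpid() == (pid_t)syscall(SYS_getpid);
}

int main(void) {
    char buf[64];
    long n = roundtrip_via_raw_syscalls("Hello, World!\n", buf, sizeof buf);
    printf("SYS_write/SYS_read moved %ld bytes: %s", n, buf);
    return libc_and_raw_getpid_agree() ? 0 : 1;
}
```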

Palo Alto Networks Tags New Firewall Bug

Palo Alto Networks warns that a file read vulnerability (CVE-2025-0111) is now being chained in attacks with two other flaws (CVE-2025-0108 and CVE-2024-9474) to breach PAN-OS firewalls in active attacks.

The vendor first disclosed the authentication bypass vulnerability tracked as CVE-2025-0108 on February 12, 2025, releasing patches to fix the vulnerability. That same day, Assetnote researchers published a proof-of-concept exploit demonstrating how CVE-2025-0108 and CVE-2024-9474 could be chained together to gain root privileges on unpatched PAN-OS firewalls.

A day later, network threat intel firm GreyNoise reported that threat actors had begun actively exploiting the flaws, with attempts coming from two IP addresses.

CVE-2024-9474 is a privilege escalation flaw in PAN-OS fixed in November 2024 that allows a PAN-OS administrator to execute commands on firewalls with root privileges. Palo Alto Networks warned at the disclosure that the vulnerability was exploited as a zero-day.

CVE-2025-0111 is a file read vulnerability in PAN-OS, allowing authenticated attackers with network access to the management web interface to read files that are readable by the “nobody” user.

The CVE-2025-0111 flaw was also fixed on February 12, 2025, but the vendor updated its bulletin today to warn that it is also now being used in an exploit chain with the other two vulnerabilities in active attacks.

“Palo Alto Networks has observed exploit attempts chaining CVE-2025-0108 with CVE-2024-9474 and CVE-2025-0111 on unpatched and unsecured PAN-OS web management interfaces,” reads the updated bulletin.

While Palo Alto Networks has not shared how the exploit chain is being abused, BleepingComputer has been told they could be chained together to download configuration files and other sensitive information.


Do You Like to Play Steam Games? BEWARE of Malware!

Steam Games

The free-to-play game, PirateFi, infects users with malware that steals browser cookies, enabling the malware’s creator to hijack access to various online accounts. 

Original story:
A hacker published a PC game on Steam to infect users with Windows-based malware. 

The free-to-play game, PirateFi, was released on Thursday. Days later, Valve was spotted sending out a message to affected users, warning them about the threat to their computers.

“We strongly encourage you to run a full-system scan using an antivirus product that you trust or use regularly, and inspect your system for unexpected or newly installed software,” Steam said.

PirateFi was published as a beta. However, according to Steam forum posts, one user noticed something was off when their antivirus software prevented them from running the game, flagging it as carrying “Trojan.Win32.Lazzzy.gen.”

“The essence of the virus: When you launch the ‘game,’ the virus unpacks into /AppData/Temp/****/ and looks like Howard.exe,” the user wrote in Russian. The malware then appears to steal browser cookies, enabling the malware’s creator to hijack access to various online accounts.

Another gamer who downloaded the title wrote on Tuesday: “Most of my stuff has either been hacked and passwords changed or being signed in using cookies that’ve been stolen!” 

Continue to read the rest of the article below…

Source Article:

https://www.pcmag.com/news/did-you-download-this-steam-game-sorry-its-windows-malware?utm_source=tldrinfosec

Understanding CVE-2025-1094: PostgreSQL Exploit Risks (US Treasury)

A high-severity SQL injection bug in the PostgreSQL interactive tool was exploited alongside the zero-day used to break into the US Treasury in December, researchers say.

Rapid7’s principal security researcher, Stephen Fewer, disclosed CVE-2025-1094 (8.1) on Thursday, saying it was a key part of the exploit chain that also included the BeyondTrust zero-day (CVE-2024-12356).

In fact, CVE-2025-1094 was so important to the chain that the BeyondTrust attack couldn’t have been pulled off without it, we’re told.

“Rapid7 discovered that in every scenario we tested, a successful exploit for CVE-2024-12356 had to include exploitation of CVE-2025-1094 in order to achieve remote code execution,” said Fewer.

“While CVE-2024-12356 was patched by BeyondTrust in December 2024, and this patch successfully blocks exploitation of both CVE-2024-12356 and CVE-2025-1094, the patch did not address the root cause of CVE-2025-1094, which remained a zero-day until Rapid7 discovered and reported it to PostgreSQL.”

According to Rapid7’s director of vulnerability intelligence, Caitlin Condon, CVE-2025-1094 affects all versions of the PostgreSQL interactive tool, but, fortunately, it isn’t particularly simple to exploit. Given the complexity of the exploit pattern, Rapid7 doesn’t expect attacks to be carried out away from the BeyondTrust versions already known to be vulnerable.

She said via Mastodon: “But with the above said, it’s clear that the adversaries who perpetrated the December attack really knew the target technology, which is yet another example of a zero-day exploit trend Rapid7 started tracking in 2023.”

The vulnerability in the PostgreSQL interactive tool (psql) can lead to arbitrary code execution (ACE) and there is also a technique to exploit it independently from CVE-2024-12356. Rapid7 said BeyondTrust’s patch for its zero-day didn’t address the root cause of the psql bug, but it does prevent the two from being exploited together.

The psql vulnerability can be exploited because of an incorrect assumption that a SQL injection attack can’t be carried out when a malicious input is safely escaped via PostgreSQL’s string escaping routines, Fewer said.

Source Article:

https://www.theregister.com/2025/02/14/postgresql_bug_treasury/?utm_source=tldrinfosec

BACK AT IT AGAIN AND ON A NEW JOURNEY!!

It has been several years since I was actively posting on this site. For the last three or so years I stepped away from hands-on keyboard type of work and from staying up-to-date on IT related information. I was focused on creating a quarterly enablement plan so that all VMware Field Sales/Technical folks had the latest information related to VMware solutions. I did this on a global scale, working with all the Program Managers of our solutions as well as the field sales managers, ensuring field personnel were getting the proper ongoing enablement.

VMware was acquired a little over a year ago by Broadcom. As usual with acquisitions, positions get eliminated as mine did. So I am back looking for a new opportunity and have decided I want to get into Cyber Security and use my years of experience in IT and technology to support this new venture.

I had my CompTIA Security+ in the past but it has expired, so I am working on that now to re-certify and help with breaking into the security side of the house. After I finish that I will be doing the Certified Information Systems Security Professional (CISSP) and Certified Ethical Hacker (CEH) certifications over the next few months.

My hope is with these security focused certifications under my belt, I can break into a Cyber Security role. I know I will have to get an entry-level position, but I am willing to do what it takes.

Needless to say, my posts moving forward will be security focused to support my new career. I plan to post relevant security information related to IT. Hopefully as I learn, my readers will learn as well!

I also would love to hear from any of you in the industry with any suggestions as far as what to post here as well as for myself in my Cyber Security learning journey.

NOW LET THE FUN BEGIN!!