OpenAI announces new o3 model — but you can’t use it yet

Welcome back to Week in Review. This week, we’re looking at OpenAI’s last — and biggest — announcement from its “12 Days of OpenAI” event; Apple’s potential entrance into the foldable market; and why Databricks is choosing to wait to go public. Let’s get into it. P.S. We’re off for the holidays! Week in Review […]

© 2024 TechCrunch. All rights reserved. For personal use only.

GitHub launches a free version of its Copilot

Microsoft-owned GitHub announced on Wednesday a free version of its popular Copilot code completion/AI pair programming tool, which will also now ship by default with Microsoft’s popular VS Code editor. Until now, most developers had to pay a monthly fee, starting at $10 per month, with only verified students, teachers, and open source maintainers getting […]

Yearlong supply-chain attack targeting security pros steals 390K credentials

A sophisticated and ongoing supply-chain attack operating for the past year has been stealing sensitive login credentials from both malicious and benevolent security personnel by infecting them with Trojanized versions of open source software from GitHub and NPM, researchers said.

The campaign, first reported three weeks ago by security firm Checkmarx and again on Friday by Datadog Security Labs, uses multiple avenues to infect the devices of researchers in security and other technical fields. One is through packages that have been available on open source repositories for over a year. They install a professionally developed backdoor that takes pains to conceal its presence. The unknown threat actors behind the campaign have also employed spear phishing that targets thousands of researchers who publish papers on the arXiv platform.

Unusual longevity

The objectives of the threat actors are also multifaceted. One is the collection of SSH private keys, Amazon Web Services access keys, command histories, and other sensitive information from infected devices every 12 hours. When this post went live, dozens of machines remained infected, and an online account on Dropbox contained some 390,000 credentials for WordPress websites taken by the attackers, most likely by stealing them from fellow malicious threat actors. The malware used in the campaign also installs cryptomining software that was present on at least 68 machines as of last month.

GitHub launches $1.25M open source fund with a focus on security

The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million […]
