Highlights
🚨 X: Massive Cyberattack!
🛡️ FBI: Gmail, Outlook, 365 & VPN!
💀 Medusa: Triple Extortion!
🤖 OpenAI: "Race Over?"
✨ Google: Safer AI with Gemma.
Notice: FY2024 is available on Gumroad and Amazon, with a paperback edition.
Deep Dive:
🚨 X Hit by Massive Cyberattack (The Guardian)
Outages on March 10th, 2025, in a few hours.
Claimed by the CEO, Elon Musk.
Downdetector showed thousands of reports.
IP addresses from Ukraine area.
Musk also owns Starlink, a satellite internet service.
Heads-up: Backup plan for communication and infrastructure.
🛡️ FBI Urges 2FA for Webmail/VPN (Forbes)
Threat from “Medusa”, an apt name for a ransomware-as-a-service operation.
FBI alert AA25-071A has full technical details.
2FA and long passwords for all accounts.
Keep OS, software, and firmware updated.
Disable unused ports and command lines.
Heads-up: Immediately enforce security on all webmail, VPN, and critical system accounts.
💀 Medusa's Triple Extortion Scheme (The Register)
Feb 2025: At least 300 victims.
Three payments instead of two.
Targets medical, manufacturing, tech and more.
Range from $100,000 to $15M.
Uses "living off the land" techniques.
Heads-up: Store multiple copies in an air-gapped location and use network segmentation.
Living off the land example: New 365 Attack (Forbes)
1. Infrastructure Acquisition
   └── Control M365 Tenants (New/Compromised)
       └── Exploit Legitimate Microsoft Emails
2. Technical Configuration
   └── Create Admin Accounts
       ├── Abuse Mail Forwarding
       └── Anti-Phishing Evasion
3. Deception Preparation
   └── Configure 2nd Tenant Org. Name
       └── Mimic Microsoft Transaction Notification
           └── Inject Believable Phishing Lure
4. Attack Execution
   └── Initiate Trial Subscription (1st Tenant)
       └── Generate Authentic Microsoft Billing Email
           └── Phishing Email Appears Legitimate (Bypasses DMARC)
5. Victim Engagement
   └── Microsoft Billing Emails Used
       └── Fake Support Contact Numbers Included
           └── Victims Urged to Contact Fake Support
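Because the flow above ends with a real Microsoft billing email that passes DMARC, sender authentication cannot flag it. As an added example (not from this post or from the Forbes report), the Python check below triages on content instead. The sender address, headers and message bodies are constructed samples, and the phone and keyword patterns are assumed heuristics.

```python
import re
from email import message_from_string
from email.policy import default

# Loose phone pattern: 10 or more digits with common separators between them.
PHONE = re.compile(r"(?:\+?\d[\s().-]*){10,}")
URGE = re.compile(r"\b(call|contact|dial)\b", re.I)

def triage(raw: str) -> dict:
    """Flag Microsoft-authenticated mail that steers the reader to a phone number."""
    msg = message_from_string(raw, policy=default)
    sender = msg["From"]
    domain = sender.addresses[0].domain.lower() if sender and sender.addresses else ""
    auth = str(msg.get("Authentication-Results", "")).lower()
    part = msg.get_body(preferencelist=("plain", "html"))
    body = part.get_content() if part else ""
    found = {
        "microsoft_sender": domain == "microsoft.com",
        "dmarc_pass": "dmarc=pass" in auth,  # true for lure and genuine mail alike
        "phone_in_body": bool(PHONE.search(body)),
        "urges_contact": bool(URGE.search(body)),
    }
    # DMARC cannot separate the two cases, so the verdict rests on content.
    found["suspicious"] = (found["microsoft_sender"] and found["phone_in_body"]
                           and found["urges_contact"])
    return found

# Constructed sample headers shared by both messages (addresses are placeholders).
HEADERS = (
    "From: Microsoft <billing@microsoft.com>\n"
    "To: user@example.org\n"
    "Subject: Your purchase confirmation\n"
    "Authentication-Results: mx.example.org; spf=pass; dkim=pass; "
    "dmarc=pass header.from=microsoft.com\n"
    "\n"
)
# Constructed lure: the "organization name" field carries the fake support text.
LURE = HEADERS + ("Billing organization: Charge of USD 689.89 processed. "
                  "To cancel, call +1 (202) 555-0147\n")
# Constructed genuine notification with no phone number.
BENIGN = HEADERS + "Your subscription renews soon. Manage billing in the admin center.\n"

if __name__ == "__main__":
    for name, raw in (("lure", LURE), ("benign", BENIGN)):
        print(name, triage(raw))
```

Both samples report dmarc_pass as true; only the phone number paired with an instruction to call separates the lure from the routine notice.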
🤖 "Over" Without Copyright Changes? (Ars Technica)
OpenAI urges fair use declaration.
Argues national security at stake.
Wants federal law preempting states.
Claims China has data advantage.
US: 832 state AI laws in 2025.
Heads-up: Our upcoming post about David Sachs.
✨ Safer and Multimodal with Gemma (Google)
ShieldGemma 2 input filter.
Responds to image styles.
Built on Gemma 3.
Supports many frameworks.
Open by nature, collaborative.
Heads-up: Gemma 3 is IMPRESSIVE.