#Ultralytics

2025-03-27

AI (Computer Vision) for real life (or who is ready for whom)

The profession of "carpenter" is useful in everyday life, but what can be said about "programmer"? When digitalization is state policy, the government has to understand: digital is digital everywhere! And in everyday life, stories like this one will have to be taken into account too. But first, so as not to waste the time of "advanced" Habr readers, a brief summary:

1. level of technical information = junior
2. stack = python, ultralytics, YOLO (various versions)
3. topic = object recognition, model training
4. social benefit = caring for the environment in the city of Moscow

This story began in the 2000s, when, once again walking past the bus turnaround loop near my building, I got lost among the huge number of buses standing with their engines running and belching fumes right under residents' windows. Details under the cut

habr.com/ru/articles/895048/

#python #ultralytics #computer_vision #YOLOv12

2024-12-23

Earning cryptocurrency with Github Actions? How a supply-chain attack was used to take over a Python library – ultralytics

Supply-chain attacks are nothing new in the world of IT security. From the textbook Solarwinds case, through the legendary backdoor in SSH, to attacks on the infrastructure used to publish Python packages – this kind of threat should still be taken seriously. Especially since ever more inventive ways are being used to smuggle unwanted code into...

#WBiegu #Github #GithubActions #Python #Ultralytics

sekurak.pl/zarabianie-kryptowa

Ed W8EMV :radio_tower:w8emv@mastodon.radio
2024-12-10

@thomrstrom

The sneaky part of the #ultralytics attack was how it got in in the first place, via a weird branch name that got interpreted by Github Actions as something to be expanded and then executed in the CI. The branch didn't even change any files!

Sam Stepanyan :verified: 🐘securestep9@infosec.exchange
2024-12-09

Another day - another #SoftwareSupplyChain attack. This time #Ultralytics - an AI vision library downloaded 260,000+ times a day from #PyPI was compromised by a malicious code injection which installed a cryptocurrency miner. Avoid versions 8.3.41 & 8.3.42:

bleepingcomputer.com/news/secu

2024-12-08

The maintainer of the #Ultralytics AI library for Python has confirmed some versions of the library contained malicious code

The code exists in versions 8.3.41 and 8.3.42 of the library. The malicious code mines cryptocurrency in the background.

Developers are advised to review all library dependencies and update to a patch version

#cybersecurity #supplychainattack

thehackernews.com/2024/12/ultr

2024-12-06

There is an excellent writeup by @yossarian of the #ultralytics attack, starting from the Github Actions compromise ("Beware of weird branch names") and continuing through with token exfiltration and a cache poisoning attack on the pip cache.

blog.yossarian.net/2024/12/06/ has the microscope and tweezers details.

some discussion also at infosec.exchange/@yossarian/11

An associated static analysis tool for Github Actions is "zizmor"

github.com/woodruffw/zizmor

cc @990000 @neilk @steiza

2024-12-06

A crypto miner was found in some versions of the pip package ultralytics. Affected are versions v8.3.41 and v8.3.42 of the ultralytics pip package on Mac and Linux.
Update!
blog.comfy.org/comfyui-stateme
#DASS #DassNews #ultralytics #cryptominer

ComfyUI statement on the Ultralytics crypto miner situation. A crypto miner was found in some versions of the ultralytics pip package.
2024-12-06

Beware of weird branch names

Sanitize your inputs

Some references for the #ultralytics attack, which saw a crafted branch name inject a crypto miner into a PyPi package via unsanitized Github Actions variables.

vielmetti.typepad.com/logbook/

#github #infosec

cc @990000 @neilk

2024-12-05

@mgorny

It looks like this is one of the offending PRs

github.com/ultralytics/ultraly

and you'll note that the branch name has a shell injection attack in it, so it's probably that

unclear as of yet exactly the path through the system that left a branch name unsanitized, but I'm betting there's other repos at risk

cc @steiza

#github #ultralytics #infosec

mgorny-nyan (on) :autism:🙀🚂🐧mgorny@pol.social
2024-12-05

Today's news from GitHub: the #Ultralytics project has a problem with a compromised CI process, through which modified releases were reaching PyPI. 8.3.41 and 8.3.42 contained a malicious cryptocurrency miner. It seems there is no information yet on how exactly this happened.

github.com/ultralytics/ultraly

#GitHub #kryptowaluty

mgorny-nyan (he) :autism:🙀🚂🐧mgorny@treehouse.systems
2024-12-05

Today's #GitHub fun: #Ultralytics had its release pipeline compromised, creating compromised release artifacts and uploading them to PyPI. 8.3.41 and 8.3.42 contained a #cryptocurrency miner. Apparently there's still no clear explanation of how exactly it was compromised.

github.com/ultralytics/ultraly

#security

just a💧in my 🍺Gboeer@det.social
2024-12-05

Attention: the #python PyPI package of the popular object detection model #YOLO in its implementation by #Ultralytics has been compromised.

There is an ongoing investigation about the matter:

github.com/ultralytics/ultraly

For now it would be best to uninstall the package.

#ComputerVision

2024-04-01

Screw #Ultralytics.

github.com/blakeblackshear/fri

An #AGPL licensed program outputs a binary file, that is now licensed under AGPL as well?

And these automated answers are just an insult.
github.com/ultralytics/ultraly

Don't use anything from them.
