Unauthenticated Jupyter Notebook instances have been subjected to takeover intrusions leading to the illegal live streaming of sports events as part of a stealthy piracy operation, The Hacker News reports.
After implementing server updates, threat actors proceeded to download and execute the FFmpeg tool from MediaFire to capture Qatari beIN Sports network's live sports events, which are then redirected to the attacker-controlled stream[.]tv server, according to a report from Aqua. Such an attack — which is believed to have been conducted by an Arab-speaking threat actor — could preview more severe cybersecurity threats against organizations, with Jupyter Notebooks being typically used for data analysis, noted Aqua Director of Threat Intelligence Assaf Morag. "Potential risks include denial-of-service, data manipulation, data theft, corruption of AI and ML processes, lateral movement to more critical environments, and, in the worst-case scenario, substantial financial and reputational damage," said Morag.
