Microsoft Hacked To Deliver Malware To Claude and Gemini Users

Slashdot
Author: BeauHD

🤖 AI Summary

Microsoft is reported to have taken down a batch of its own GitHub repositories at once while it investigates a cyberattack. According to researchers, hackers planted malware in repositories used with AI coding tools such as Claude Code and Gemini CLI in an attempt to harvest people's credentials.

Microsoft has taken down more than 70 of its own repositories. The exact details of the attack are unclear, but a particular package related to durabletask was reported to have been previously compromised. The security website OpenSourceMalware.com reports that these GitHub repositories were taken down together on June 5.

Microsoft said: "Protecting customers and the broader ecosystem is our top priority. We temporarily took down some repositories to investigate a potential threat. Those that the investigation found to be free of problems have since been restored, while others remain temporarily offline while work continues."

It has also been pointed out that it is unusual for any company, not just Microsoft, to take down so many of its own GitHub repositories at once.

An anonymous reader quotes a report from 404 Media: Microsoft has shut down a wave of its own repositories on GitHub, including those related to Azure and AI coding agents, as it investigates a data breach, according to research from cybersecurity researchers and a statement given to 404 Media by Microsoft. Hackers planted malware that would harvest people's credentials when they opened it in AI coding tools like Claude Code or Gemini CLI, according to one set of researchers. The exact contours of the breach are unclear, but researchers say Microsoft has disabled more than 70 of its own repositories, and pointed to a particular package that was previously compromised. Last week, cybersecurity website OpenSourceMalware.com, which acts as a clearing house for indicators of supply chain attacks so defenders can secure their own networks, and which also publishes its own write-ups, wrote about the mass disabling of Microsoft GitHub repositories. "GitHub disabled 73 Microsoft repositories across four of its GitHub organizations -- the entire Azure Functions org, the whole Durable Task family, and a row of AI sample apps -- in a 105-second sweep on June 5," the website wrote on Friday. It is very unusual for any company, let alone Microsoft, to disable so many of its own repositories in one go. They include 49 related to Azure, Microsoft's cloud computing arm, and some concerning AI agents. The shutdown repositories also include ones related to durabletask, a Microsoft development tool. Researchers from StepSecurity wrote on Friday that the GitHub closures came after a malicious commit was pushed to the durabletask repository. That attack planted configuration files that would harvest people's credentials when they opened the repository in Claude Code, Gemini CLI, Cursor, or VS Code, StepSecurity wrote. Microsoft said in a statement: "Our priority is to protect customers and the broader ecosystem. We temporarily removed some repositories as we investigated potential malicious content. Some of these repos have been restored after review, while others may remain offline while work continues. As part of our investigation, we notified a small number of customers who may have pulled down content from the affected repositories. We will continue to investigate, and if anything further is identified that requires customer action, we will reach out directly through our established support channels."

Read more of this story at Slashdot.


NHS Prescribes Half a Million Copilot Licenses For Its Paperwork Headache

Slashdot
Author: BeauHD

🤖 AI Summary

NHS England plans to roll out Microsoft Copilot to 505,000 clinicians and support staff. In a 30,000-person pilot, the AI assistant was found to save an average of 43 minutes of administrative work.

The rollout schedule is not rapid. Each trust will be allocated licenses centrally based on headcount, typically starting with 2,000 seats. More than 50,000 staff are expected to have access to Copilot by October 2026.

The NHS has a large volume of administrative work, and Copilot will help with discharge paperwork, bed management, rota planning, meeting minutes, board papers, reports, and tasks related to HR, finance, and procurement. Trusts will also have access to Copilot Studio, which lets NHS trusts develop specific AI agents for tasks such as handling Freedom of Information requests and processing complaints.

A governance framework called Agent 365 will be used for the rollout, ensuring these systems are deployed appropriately.

NHS England plans to roll out Microsoft Copilot to 505,000 clinicians and support staff after a 30,000-person pilot claimed the AI assistant saved users an average of 43 minutes a day on administrative work. The Register reports: The rollout won't happen overnight. NHS England said that each trust will receive a central allocation of licenses based on headcount, typically starting with around 2,000 Copilot seats, and that more than half a million staff are expected to have access by October 2026. The NHS has no shortage of administrative work to throw at the software. The rollout envisions Copilot helping with discharge paperwork, bed management, rota planning, meeting minutes, board papers, briefings, data analysis, and assorted HR, finance, and procurement tasks. NHS organizations will also receive access to Copilot Studio, Microsoft's toolkit for building custom AI agents. NHS England said trusts will be able to develop agents for tasks such as handling Freedom of Information requests, processing complaints, reducing helpdesk workloads, and assisting with financial analysis. A governance framework called Agent 365 will oversee the deployment of those systems.


UK PM Gives Tech Firms Ultimatum To Block Explicit Images on Children's Phones

Slashdot
Author: BeauHD

🤖 AI Summary

UK Prime Minister Keir Starmer has ordered Apple, Google, and other technology companies to introduce, by September, device-level protections that prevent children from taking, sharing, or viewing explicit images. He warned that if they do not comply within three months, legislation will be enacted to mandate such protections on all mobile phones and tablets through regulation. Companies that fail to comply could face fines, and their staff could also be held criminally liable.

Starmer said: "Today, I am calling on technology companies doing business in this country to introduce restrictions that prevent children from sending and receiving explicit images." He stressed that "this is not an impossible challenge." "If they do not do so, we will act and change the law."

This measure is positioned as part of the Online Safety Act, which requires companies to have procedures in place to prevent minors from accessing harmful content.

UK Prime Minister Keir Starmer has given Apple, Google, and other tech firms until September to introduce device-level protections that prevent children from taking, sharing, or viewing explicit images. "If businesses do not comply within three months, legislation will be brought forward requiring the protection to be added to all phones and tablets sold in the UK," reports The Guardian. "Tech firms that fail to do so could face fines, and their senior managers could be made criminally liable." From the report: "Today, I am calling on tech companies operating in this country to introduce device controls that prevent children from sending and receiving sexually explicit images. Because this is not an impossible challenge," he said. "If they choose not, then we will act and we will change the law." [...] Under the changes, sexual predators will be prevented from being able to exploit and abuse victims through their devices, and children stopped from being able to access pornography, the Home Office said. Adults will still be able to take, share or view nude content once they have verified their age. In the Commons, Melanie Ward, the Labour MP for Cowdenbeath and Kirkcaldy, said: "It's time to stop asking social media companies to make their products safe, and instead time to start requiring them to do so through regulation." Clive Efford, the Labour MP for Eltham and Chislehurst, said the "sociopaths" running social media platforms had no concern for the welfare of children. "The only message that they're going to listen to is if there's legislation put before this house that is going to act and send a clear message to them." The proposal is designed to sit alongside the Online Safety Act, which requires companies to have processes for removing material that is illegal or harmful to children.
