HackerTrans
トップ新着トレンドコメント過去質問紹介求人

tobwen

no profile record

投稿

UK Medical Agency Might Use Gemini Flash Lite

1 ポイント·投稿者 tobwen·8 か月前·0 コメント

[untitled]

1 ポイント·投稿者 tobwen·8 か月前·0 コメント

Ask HN: Do all those AI-generated skills help?

1 ポイント·投稿者 tobwen·9 か月前·0 コメント

Major security breach at Austrian AI startup localmind.ai

localmind.ai
27 ポイント·投稿者 tobwen·9 か月前·6 コメント

Ask HN: CLI AI Agents with Comparism?

1 ポイント·投稿者 tobwen·9 か月前·0 コメント

コメント

tobwen
·18 日前·議論
[dead]
tobwen
·20 日前·議論
Thanks for the write-up, I like the integration in the Proxmox VE environment.

Given some similarities, I’d like to briefly mention `krun` here. Although it’s an OCI-compatible container runtime, it uses MicroVMs with a similar approach. Perhaps we can exchange ideas here? I recall that GPU passthrough is also a recurring topic there.

https://github.com/containers/crun/blob/main/krun.1.md
tobwen
·3 か月前·議論
Hey LLM, invert those rules to get undetectable :)
tobwen
·4 か月前·議論
Isn't this solving the problem? https://github.com/balena-io/sshproxy
tobwen
·4 か月前·議論
Added to AGENTS.md :)
tobwen
·6 か月前·議論
Books are databases, chars their elements. We have copyright for databases in EU :)
tobwen
·6 か月前·議論
I’m using ipset for this… It‘s protecting my Asterisk PBX since 2020.
tobwen
·8 か月前·議論
And yes, you can use it with OpenRouter.
tobwen
·9 か月前·議論
In Europe, SEPA direct debits can also be withdrawn. But you can expect to receive a reminder with legal action within a few days.
tobwen
·9 か月前·議論
My opinion: Without support in libosmium and GDAL, this will remain a marginal phenomenon.
tobwen
·9 か月前·議論
The accessibility support (PDF/UA-1) is VERY nice, but there's still still a lot of work to do (-> tables).
tobwen
·9 か月前·議論
“When using wildcard patterns, this function analyzes the column structure and data types from the first matching worksheet only.”

Meh… I think I should work on a PR to fix this…
tobwen
·9 か月前·議論
Has recently been used to visit "The Matrix" again: https://www.youtube.com/watch?v=iq5JaG53dho&t=1412
tobwen
·9 か月前·議論
Hrhr, I'd love to have automatic CODE generation from Scientic Papers :D
tobwen
·9 か月前·議論
Indeed... The security breach is already a few days old, and the white hat hacker has informed many major newspapers about it and sent them an incident report. According to these media outlets, several credentials were stored in plain text in the knowledge base, which allowed the white hat access to other services.
tobwen
·9 か月前·議論
I just came across this incident involving localmind.ai, a small AI startup out of Innsbruck, Austria (founded in early 2024). The company stated that internal processes and control mechanisms failed and accepted full responsibility for the incident.

This summary outlines the key events and remediation actions from the official incident reports published by Localmind.ai between October 5 and October 9, 2025.

Incident overview and initial response (October 5)

On October 5, 2025, at 05:43 CEST, Localmind detected unauthorized access to its systems. The immediate response was to take all affected systems, including internal platforms and customer instances, offline to contain the breach. Initial measures included:

  - Resetting all passwords and regenerating API keys (e.g., for Notion, SendGrid, Hetzner).
  - Deactivating all user accounts, restricting access to a minimal number of administrators with mandatory two-factor authentication (2FA).
  - Initiating a forensic investigation.
Root cause analysis (October 5, Update #2)

The breach originated from a misconfiguration in an externally accessible beta-test instance. The flaw granted administrator privileges by default to a newly registered account. The attacker used this access to:

  - Access the integrated automation platform (n8n).
  - Retrieve an unrestricted API key for the internal Notion knowledge base, which contained infrastructure documentation and credentials.
  - Use the compromised information to escalate access further and send emails from an internal account.
The company stated that internal processes and control mechanisms failed and accepted full responsibility for the incident.

Impact assessment and forensic Updates

  - Scope: The core Localmind platform was not compromised. The attack was confined to administrative interfaces and test environments. A limited number of customer systems were accessed, while on-premise instances showed no signs of unauthorized access.
  - Forensics: Unauthorized logins were traced to IP addresses from VPN providers, complicating attribution. Login activity occurred outside regular business hours (nights, weekends). As of October 8, no evidence of large-scale data exfiltration was found.
  - Data transparency: Localmind offered data exports to customers to conduct their own audits for potential GDPR breach notifications.
Remediation and security hardening measures

The company initiated a comprehensive infrastructure rebuild and security overhaul.

  1. New infrastructure: A migration of virtual machines to new, Tier IV, ISO 27001/27018 certified data centers with a fully isolated infrastructure was nearly complete as of October 8. Systems are being rebuilt from clean data volumes (e.g., Docker volumes) onto new, hardened hosts.
  2. Access security:
    - Implementation of an F5 Web Application Firewall (WAF) with pre-authentication for each customer instance.
    - Mandatory two-factor authentication (2FA) for all application logins.
    - Deployment of the Wazuh security agent for centralized login monitoring and anomaly detection.
    - All previous service accounts and credentials within automation workflows were deleted, requiring a re-issue.
  3. Automation restriction: Critical automation nodes in n8n (e.g., Execute Command, Read/Write File to Disk) were disabled and will be unavailable in cloud environments going forward.
  4. Enhanced monitoring: Additional security agents were deployed for endpoint security, configuration assessment, file integrity monitoring, and threat intelligence.
  5. Process change: Each customer instance undergoes a manual audit and documentation before restart, with the audit protocol provided to the customer.
Subsequent Attack Attempt (October 9)

On October 9, Localmind reported a renewed attempt to gain unauthorized access. The new security measures successfully blocked these attacks. The only confirmed impact was a brief, unauthorized text modification on a separately hosted, external development website, which was promptly reverted. The company attributes this attempt to the same threat actor.

Status as of latest update (October 9, 2025)

Systems were in a phased, controlled restart process, with customers being kept informed. The company continues to work on audits and security fortifications.

Sources (as Mementos)

<https://web.archive.org/web/20250000000000*/https://www.loca...> <https://web.archive.org/web/20250000000000*/https://security...>
tobwen
·9 か月前·議論
Warning: There are no sandwiches in this simulation :)