Cybercriminals are tricking GitHub into sending out fraudulent email notifications, luring software developers into downloading malware, experts have warned. Security researchers Socket, who said they observed a large-scale, coordinated spam campaign targeting developers on various projects.
GitHub has a section called “Discussions”, which is essentially a forum for discussing various projects. When a developer participates in, or monitors a topic, they get notified via email when something gets posted.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Mekotio Banking Trojan Threatens Financial Systems in Latin America
July 4, 2024
The Mekotio banking trojan is a sophisticated piece of malware that has been active since at least 2015, primarily targeting Latin American countries with the goal of stealing sensitive information — particularly banking credentials — from its targets. Originating in the Latin American region, it has been particularly prolific in Brazil, Chile, Mexico, Spain, and Peru. ...
- Twilio data breach gets a whole lot worse as it confirms hackers accessed Authy user phone numbers
July 4, 2024
The recent data breach affecting Twilio may have taken a rather unfortunate extra turn after new reports claim the hackers can single out Authy users from the archives. The infamous ShinyHunters hacking collective recently said it stole 33 million phone numbers from Twilio, and the company has now revealed that the attackers were able to determine ...
- The Hidden Danger of PDF Files with Embedded QR Codes
July 3, 2024
The SonicWall Capture Labs threat research team has been observing PDF files with QR codes being abused by malware authors to deceive users for a long time. QR codes are increasingly popular due to their versatility and ease of use. Beyond payments and feedback, QR codes have a wide range of applications across various industries such ...
- Millions of iOS apps could have been hit by cyberattack due to a worrying flaw
July 3, 2024
A key tool used primarily in iOS and macOS app development was vulnerable in a way that opened up millions of Mac apps to supply chain attacks, experts have warned. Cybersecurity researchers EVA Information Security claim a dependency manager for Swift and Objective-C projects called CocoaPods, carried three vulnerabilities in a “trunk” server used to manage ...
- High-Risk Path Traversal in SolarWinds Serv-U
July 3, 2024
The SonicWall Capture Labs threat research team became aware of a path traversal vulnerability in SolarWinds Serv-U, assessed its impact and developed mitigation measures. Serv-U server is a solution that provides a secure file transfer facility and control inside and outside the organization. Identified as CVE-2024-28995, SolarWinds Serv-U 15.4.2 HF 1 and previous versions allow an ...
- Apple IDs Targeted in US Smishing Campaign
July 2, 2024
Phishing actors continue to target Apple IDs due to their widespread use, which offers access to a vast pool of potential victims. These credentials are highly valued, providing control over devices, access to personal and financial information, and potential revenue through unauthorized purchases. Additionally, Apple’s strong brand reputation makes users more susceptible to trusting deceptive communications ...