Cybercriminals are tricking GitHub into sending out fraudulent email notifications, luring software developers into downloading malware, experts have warned. Security researchers Socket, who said they observed a large-scale, coordinated spam campaign targeting developers on various projects.
GitHub has a section called “Discussions”, which is essentially a forum for discussing various projects. When a developer participates in, or monitors a topic, they get notified via email when something gets posted.
Read more…
Source: TechRadar News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Air India cyber-attack: Data of millions of customers compromised
May 22, 2021
India’s national airline Air India has said a cyber-attack on its data servers affected about 4.5 million customers around the world. The breach was first reported to the company in February. Details including passport and ticket information as well as credit-card data were compromised. But Air India said security details for credit cards – CVV or CVC ...
- Here’s how we got persistent shell access on a Boeing 747 – Pen Test Partners
May 21, 2021
Researchers from infosec biz Pen Test Partners established a persistent shell on an in-flight entertainment (IFE) system from a Boeing 747 airliner after exploiting a vulnerability dating back to 1999. It’s an attack that’s more of a curiosity than anything else: it’s too difficult to pull off during an actual flight, and it’s rare these days ...
- Florida water treatment plant was involved in second security incident before poisoning attempt: report
May 21, 2021
A new study from Dragos has found that a water treatment plant in Oldsmar, Florida — where hackers attempted to poison the town’s water earlier this year — was also involved in another potential breach at the same time. A browser being used on the plant’s network was traced back to a “watering hole” attack that ...
- Phorpiex malware botnet just won’t go away
May 21, 2021
The Phorpiex malware botnet has lurked around the internet for years and is used to deliver ransomware, spam email and more, but now Microsoft’s security team are taking a closer look at it. The botnet has been known for using old-fashioned worms that spread via removable USB drives and instant messaging apps, began diversifying its infrastructure ...
- US insurance giant CNA Financial paid $40 million ransom to regain control of systems: report
May 21, 2021
One of the largest insurance companies in the United States, CNA Financial, reportedly agreed to a $40 million payment to restore access to its systems following a ransomware attack. According to Bloomberg, the $40 million payment — which is $10 million more than the highest attempted demand of $30 million in 2020, already double the highest ...
- FBI: Conti Ransomware Attacks Impact Healthcare and First Responder Networks
May 20, 2021
The FBI identified at least 16 Conti ransomware attacks targeting US healthcare and first responder networks, including law enforcement agencies, emergency medical services, 9-1-1 dispatch centers, and municipalities within the last year. These healthcare and first responder networks are among the more than 400 organizations worldwide victimized by Conti, over 290 of which are located in the U.S. ...