Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Threat Assessment: Ignoble Scorpius, Distributors of BlackSuit Ransomware
November 20, 2024
Unit 42 researchers have observed an increase in BlackSuit ransomware activity beginning in March 2024 that suggests a ramp up of operations. This threat emerged as a rebrand of Royal ransomware, which occurred in May 2023. Unit 42 tracks the group behind this threat as Ignoble Scorpius. Since the rebrand, Unit 42 has observed at least ...
- Sitting Duck Cyber Attacks – Warning Issued As Websites Targeted
November 20, 2024
A cybersecurity threat known as a sitting duck exploit is thought to be putting more than one million websites at risk of attack, according to threat intelligence analysts. The fact that the attack methodology remains underreported could be the reason why Infoblox security researchers called the discovery of multiple hackers using the vulnerability across widespread cyber ...
- Scammer Black Friday offers: Online shopping threats and dark web sales
November 19, 2024
The e-commerce market continues to grow every year. According to FTI consulting, in Q1 2024, online retail comprised 57% of total sales in the US, and it is expected to increase by 9.8% over 2023 by the end of this year. In Europe, 72% of those aged 16–74 buy online, their share growing by the year. ...
- FrostyGoop’s Zoom-In: A Closer Look into the Malware Artifacts, Behaviors and Network Communications
November 19, 2024
In July 2024, the operational technology (OT)-centric malware FrostyGoop/BUSTLEBERM became publicly known, after attackers used it to disrupt critical infrastructure. The outage occurred after the Cyber Security Situation Center (CSSC), affiliated with the Security Service of Ukraine, disclosed details of an attack on a municipal energy company in Ukraine in early 2024. FrostyGoop is the ninth ...
- Space tech giant Maxar confirms hacker accessed employees’ personal data
November 18, 2024
U.S. space technology and satellite giant Maxar has confirmed a data breach involving the personal information of its employees, according to a filing with state regulators. The Colorado-headquartered Maxar operates imaging satellites and manufactures spacecraft, and claims to operate one of the largest commercial satellite constellations on orbit. Maxar has long been a significant provider of ...
- QuickBooks popup scam still being delivered via Google ads
November 18, 2024
Accounting software QuickBooks, by Intuit, is a popular target for India-based scammers, only rivaled for top spot by the classic Microsoft tech support scams. Malwarebytes Labs researchers seen two main lures, both via Google ads: the first one is simply a website promoting online support for QuickBooks and shows a phone number, while the latter requires ...