Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Amazon Confirms Employee Data Was Exposed Through MOVEit Breach
November 12, 2024
In a significant development that underscores the lasting impact of 2023’s MOVEit vulnerability, Amazon has confirmed that employee data was compromised through a third-party property management vendor. The breach, revealed by a threat actor known as “Nam3L3ss,” exposes the continuing ripple effects of one of last year’s most devastating supply chain attacks. The compromise stems from ...
- AT&T, Ticketmaster data breach hackers charged with stealing 50 billion records
November 12, 2024
The U.S. has indicted two individuals, Connor Moucka and John Binns, according to new documents, for hacking third-party cloud data storage and analytics company Snowflake. The Snowflake hack led to data breaches at numerous companies using the platform such as AT&T, Ticketmaster, and more than 150 other corporations. Read more… Source: MSN News Sign up for our Newsletter Related:
- Hot Topic data breach thought to have hit nearly 54 million customers
November 12, 2024
Breach notification site Have I Been Pwned has confirmed the personal data of 56,904,909 users was found online, leaked from Hot Topic, Torrid, and Box Lunch customers. Threat actor ‘Satanic’ claimed responsibility for the breach, which was allegedly carried out through an infostealer infection, and made possible by weak security practices. The dataset is reportedly on ...
- Earth Simnavaz (aka APT34) Levies Advanced Cyberattacks Against Middle East
November 11, 2024
Recently, Trend Micro has been tracking Earth Simnavaz (also known as APT34 and OilRig), a cyber espionage group. This group primarily targets organizations in the energy sector, particularly those involved in oil and gas, as well as other infrastructure. It is known for using sophisticated tactics, techniques, and procedures (TTPs) to gain unauthorized access to networks ...
- Ymir: new stealthy ransomware in the wild
November 11, 2024
In a recent incident response case, Kaspersky researchers discovered a new and notable ransomware family in active use by the attackers, which they named “Ymir”. The artifact has interesting features for evading detection, including a large set of operations performed in memory with the help of the malloc, memmove and memcmp function calls. In the case ...
- Hello again, FakeBat: popular loader returns after months-long hiatus
November 8, 2024
The web browser, and search engines in particular, continue to be a popular entry point to deliver malware to users. While Malwarebytes Labs noted a decrease in loaders distributed via malvertising for the past 3 months, today’s example is a reminder that threat actors can quickly switch back to tried and tested methods. After months of ...