Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Finland’s NBI probes wave of bank cyber attacks
October 18, 2024
Finland’s National Bureau of Investigation has opened a preliminary probe on a series of cyber attacks on the country’s financial sector. Finnish banks have been targeted in cyber attacks in recent months. In particular, Nordea Bank has been hit by several distributed denial of service (DDoS) attacks throughout the autumn. The bank has faced recurring problems ...
- Analysis of the Crypt Ghouls group: continuing the investigation into a series of attacks on Russia
October 18, 2024
Last December, Kaspersky researchers discovered a new group targeting Russian businesses and government agencies with ransomware. Further investigation into this group’s activity suggests a connection to other groups currently targeting Russia. Kaspersky researchers have seen overlaps not only in indicators of compromise and tools, but also tactics, techniques, and procedures (TTPs). Moreover, the infrastructure partially overlaps ...
- How Low Can You Go? An Analysis of 2023 Time-to-Exploit Trends
October 15, 2024
Mandiant analyzed 138 vulnerabilities that were disclosed in 2023 and that we tracked as exploited in the wild. Consistent with past analyses, the majority (97) of these vulnerabilities were exploited as zero-days (vulnerabilities exploited before patches are made available, excluding end-of-life technologies). Forty-one vulnerabilities were exploited as n-days (vulnerabilities first exploited after patches are available). While ...
- Microsoft Digital Defense Report 2024: Microsoft customers face more than 600 million cybercriminal and nation-state attacks every day
October 15, 2024
In the last year, the cyber threat landscape continued to become more dangerous and complex. The malign actors of the world are becoming better resourced and better prepared, with increasingly sophisticated tactics, techniques, and tools that challenge even the world’s best cybersecurity defenders. Even Microsoft has been the victim of well-orchestrated attacks by determined and well-resourced ...
- China again claims Volt Typhoon cyber-attack crew was invented by the US to discredit it
October 15, 2024
Chinese authorities have published another set of allegations that assert the Volt Typhoon cyber-crew is an invention of the US and its allies, and not a crew run by Beijing. Published on Monday in five languages, a document titled “Lie to Me: Volt Typhoon III – Unravelling Cyberespionage and Disinformation Operations Conducted by US Government Agencies” ...
- Sri Lanka arrests over 230 Chinese in cybercrime raids
October 15, 2024
Sri Lankan police have arrested more than 230 Chinese men accused of targeting international banks in online scams, the foreign minister said on Tuesday (Oct 15), with help from security officials sent by Beijing. Vijitha Herath said police raids over the past week had also seized 250 computers and 500 mobile phones used in the alleged ...