Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Deepfake video conference sees criminals escape with US$25 million
May 20, 2024
In February, a multinational company’s finance team member in Hong Kong made headlines after he transmitted HK$200 million (US$25 million) to cybercriminals who pretended to be the chief financial officer and other colleagues, using deepfake technology, in what the worker thought was a legitimate video conference. Now it’s been revealed that it was UK engineering group ...
- Medusa announced attack on John R. Wood Christie’s International Real Estate group
May 20, 2024
No patron information was compromised in a recent ransomware attack against John R. Wood Christie’s International Real Estate by a cyber gang known as Medusa, according to the company. Medusa announced the attack on its site, claiming it had stolen more than 1 terabyte of Wood data. The gang demanded $2 million from the real estate ...
- Springtail: New Linux Backdoor Added to Toolkit
May 16, 2024
Symantec’s Threat Hunter Team has uncovered a new Linux backdoor developed by the North Korean Springtail espionage group (aka Kimsuky) that is linked to malware used in a recent campaign against organizations in South Korea. The backdoor (Linux.Gomir) appears to be a Linux version of the GoBear backdoor, which was used in a recent Springtail campaign ...
- Payload Trends in Malicious OneNote Samples
May 16, 2024
In this post, Unt 42 researchers look at the types of embedded payloads that attackers leverage to abuse Microsoft OneNote files. Our analysis of roughly 6,000 malicious OneNote samples from WildFire reveals that these samples have a phishing-like theme where attackers use one or more images to lure people into clicking or interacting with OneNote ...
- Scammers can easily phish your multi-factor authentication codes – here’s how to avoid it
May 16, 2024
More and more websites and services are making multi-factor-authentication (MFA) mandatory, which makes it much harder for cybercriminals to access your accounts. That’s a great thing. But as security evolves, so do cybercriminals who are always looking for new ways to scam us. A type of phishing we’re calling authentication-in-the-middle is showing up in online media. ...
- Cyber crime threatening mining safety
May 16, 2024
A 2022 survey by Ernst & Young found that 71% of respondents in the mining sector had seen an increase in the number of disruptive attacks in the year leading up to the survey. “Leading mining companies in southern Africa are actively implementing digital transformation projects, and the technology used is becoming more complicated. With connected ...