Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Explained: SMTP smuggling
January 7, 2024
SMTP smuggling is a technique that allows an attacker to send an email from pretty much any address they like. The intended goal is email spoofing—sending emails with false sender addresses. Email spoofing allows criminals to make malicious emails more believable. Let’s take a closer look at what it is exactly, and how cybercriminals can use ...
- Bangladesh: Cyber attack on Smart Election Commission app from two countries
January 7, 2024
A cyber attack has been carried out on the app ‘Smart Election Management BD’ of the Election Commission (EC) from Ukraine and Germany, said EC Secretary Md Jahangir Alam on Sunday. He told the media that the Election Commission (EC) had created a mobile application which was providing real-time voting information. However, voters were complaining since ...
- Top legal firm specializing in data breaches…hit by data breach
January 6, 2024
Top legal firm that specializes in helping other organizations in the aftermath of a data breach has ironically suffered one such incident itself. Orrick, Herrington & Sutcliffe has sent out a breach notification letter to affected individuals, confirming it had been the victim of an intrusion that happened in March 2023. Read more… Source: MSN News
- Freight giant Estes confirms data breach, but says it won’t pay ransom
January 5, 2024
The October 2023 cyberattack against Estes Express Lines was indeed ransomware, but the company has paid no ransom demand as yet. The company confirmed the news in an email recently sent to affected customers. As per the email, sent to roughly 21,000 people, threat actors accessed the company’s IT infrastructure on October 1, 2023, and managed ...
- Tackling Anti-Analysis Techniques of GuLoader and RedLine Stealer
January 5, 2024
Malware, like many complex software systems, relies on the concept of software configuration. Configurations establish guidelines for malware behavior and they are a common feature among the various malware families Unit 42 examine. The configuration data embedded within malware can offer invaluable insights into the intentions of cybercriminals. However, due to its significance, malware authors deliberately ...
- 23andMe blames “negligent” breach victims, says it’s their own fault
January 4, 2024
In a surprising move, in a letter to legal representatives of victims of the recent 23andMe data breach, the company has laid the blame at the feet of victims themselves. 23andMe even goes as far as to claim that this wasn’t a data breach at 23andMe at all. The reasoning: “… unauthorized actors managed to access ...