Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- LockBit ransomware builder leaked online by “angry developer”
September 21, 2022
The LockBit ransomware operation has suffered a breach, with an allegedly disgruntled developer leaking the builder for the gang’s newest encryptor. In June, the LockBit ransomware operation released version 3.0 of their encryptor, codenamed LockBit Black, after testing it for two months. The new version promised to ‘Make Ransomware Great Again,’ adding new anti-analysis features, a ransomware ...
- Atlassian Confluence Vulnerability CVE-2022-26134 Abused For Cryptocurrency Mining, Other Malware
September 21, 2022
Trend Micro researchers observed the active exploitation of CVE-2022-26134, an unauthenticated remote code execution (RCE) vulnerability with a critical rating of 9.8 in the collaboration tool Atlassian Confluence. The gap is being abused for malicious cryptocurrency mining. Confluence has already released a security advisory detailing the fixes necessary for all affected products, namely all versions ...
- MFA Fatigue: Hackers’ new favorite tactic in high-profile breaches
September 20, 2022
Hackers are more frequently using social engineering attacks to gain access to corporate credentials and breach large networks. One component of these attacks that is becoming more popular with the rise of multi-factor authentication is a technique called MFA Fatigue. When breaching corporate networks, hackers commonly use stolen employee login credentials to access VPNs and the ...
- Uber blames security breach on Lapsus$, says it bought credentials on the dark web
September 19, 2022
The security breach that hit Uber last week was the work of Lapsus$, Uber said in a blog post Monday. The South American hacking group has attacked a number of technology giants in the past year, including Microsoft, Samsung, and Okta. Uber said it is in close coordination with the FBI and US Justice Department on ...
- American Airlines discloses data breach after employee email compromise
September 19, 2022
American Airlines has notified customers of a recent data breach after attackers compromised an undisclosed number of employee email accounts and gained access to sensitive personal information. In notification letters sent on Friday, September 16th, the airline explained that it has no evidence that the exposed data was misused. American Airlines discovered the breach on July 5th, ...
- Meet Pedro, the police dog sniffing out Canberra’s cybercrime
September 17, 2022
Hold your smartphone up to your nose and take a deep sniff. That’s what Pedro can smell too. Pedro is a technology detector dog for the National Canine Operations unit of the Australian Federal Police (AFP). He and his four-legged peers are tasked with sniffing out laptops, phones, USB sticks and other electronic devices for criminal ...