Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- US offers $15m reward for information about Conti ransomware gang
May 9, 2022
The US government is offering up to $15 million for information about key leaders of the notorious Conti ransomware group and any individual participating in an attack using a variant of Conti’s malware. In its notice issued May 6, the US Department of State said the Conti ransomware variant was the costliest strain of ransomware on ...
- NetDooka Framework Distributed via PrivateLoader Malware as Part of Pay-Per-Install Service
May 5, 2022
Trend Micro researchers recently encountered a fairly sophisticated malware framework that they named NetDooka after the names of some of its components. The framework is distributed via a pay-per-install (PPI) service and contains multiple parts, including a loader, a dropper, a protection driver, and a full-featured remote access trojan (RAT) that implements its own network ...
- UK: Phishing operation hits National Health Service email accounts to harvest Microsoft credentials
May 5, 2022
A phishing operation compromised over one hundred UK National Health Service (NHS) employees’ Microsoft Exchange email accounts for credential harvesting purposes, according to email security shop Inky. During the phishing campaign, which began in October 2021 and spiked in March 2022, the email security firm detected 1,157 phishing emails originating from NHSMail accounts that belonged to ...
- FBI: Business Email Compromise – The $43 Billion Scam
May 4, 2022
This Public Service Announcement is an update and companion piece to Business Email Compromise PSA I-091019-PSA posted on www.ic3.gov. This PSA includes new Internet Crime Complaint Center complaint information and updated statistics from October 2013 to December 2021. DEFINITION Business Email Compromise/Email Account Compromise (BEC/EAC) is a sophisticated scam that targets both businesses and individuals who perform ...
- New ransomware strains linked to North Korean govt hackers
May 3, 2022
Several ransomware strains have been linked to APT38, a North Korean-sponsored hacking group known for its focus on targeting and stealing funds from financial institutions worldwide. They’re also known for deploying destructive malware on their victims’ networks during the last stage of their attacks, likely to destroy any traces of their activity. Christiaan Beek, a lead threat ...
- Update on cyber activity in Eastern Europe
May 3, 2022
Google’s Threat Analysis Group (TAG) has been closely monitoring the cybersecurity activity in Eastern Europe with regard to the war in Ukraine. Since our last update, TAG has observed a continuously growing number of threat actors using the war as a lure in phishing and malware campaigns. Similar to other reports, we have also observed ...