Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Conti gang is still in business, despite its own massive data leak
April 6, 2022
The Conti ransomware gang is still actively running campaigns against victims around the world, despite the inner workings of the group being revealed by data leaks. One of the most prolific ransomware groups of the last year, Conti has encrypted networks of hospitals, businesses, government agencies and more – in many cases, receiving a significant ransom ...
- Feds slay dark-web souk Hydra: Servers and $25m in crypto-coins seized
April 5, 2022
US and German federal agencies came down hard on Hydra, the longest-running known dark-web marketplace trafficking in illegal drugs and money-laundering services, with a multi-pronged attack that aimed to cut off multiple heads of the nefarious online beast. First, German federal police in coordination with US law enforcement seized Hydra servers and cryptocurrency wallets containing $25 ...
- Bank had no firewall license, intrusion or phishing protection – guess the rest
April 5, 2022
An Indian bank that did not have a valid firewall license, had not employed phishing protection, lacked an intrusion detection system and eschewed use of any intrusion prevention system has, shockingly, been compromised by criminals who made off with millions of rupees. The unfortunate institution is called the Andra Pradesh Mahesh Co-Operative Urban Bank. Its 45 ...
- Borat RAT: Multiple threat of ransomware, DDoS and spyware
April 4, 2022
A new remote access trojan (RAT) dubbed “Borat” doesn’t come with many laughs but offers bad actors a menu of cyberthreats to choose from. RATs are typically used by cybercriminals to get full control of a victim’s system, enabling them to access files and network resources and manipulate the mouse and keyboard. Borat does all this ...
- More charged in UK Lapsus$ investigation
April 1, 2022
British police have charged two teenagers as part of an international investigation into the Lapsus$ cyber extortion gang. The boys, aged 16 and 17, are set to appear at Highbury Corner Magistrates’ Court on Friday, according to the City of London Police, the force responsible for the capital’s financial district. Detective Inspector Michael O’Sullivan said the pair ...
- Lazarus Trojanized DeFi app for delivering malware
March 31, 2022
For the Lazarus threat actor, financial gain is one of the prime motivations, with a particular emphasis on the cryptocurrency business. As the price of cryptocurrency surges, and the popularity of non-fungible token (NFT) and decentralized finance (DeFi) businesses continues to swell, the Lazarus group’s targeting of the financial industry keeps evolving. We recently discovered a ...