Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- What the Rise in Cyber-Recon Means for Your Security Strategy
December 30, 2021
As we move into 2022, bad actors are ramping up their reconnaissance efforts to ensure more successful and more impactful cyberattacks. And that means more zero-day exploits are on the horizon. When seen through an attack chain such as the MITRE ATT&CK framework, campaigns are frequently discussed in terms of left-hand and right-hand phases of threats. ...
- Fintech firm hit by log4j hack refuses to pay $5 million ransom
December 29, 2021
One of the largest Vietnamese crypto trading platforms, ONUS, recently suffered a cyber attack on its payment system running a vulnerable Log4j version. Soon enough, threat actors approached ONUS to extort a $5 million sum and threatened to publish the customer data should ONUS refuse to comply. After the company’s refusal to pay the ransom, threat actors ...
- West Virginia State workers to be paid on time despite ransomware attack
December 27, 2021
West Virginia state workers will be paid on schedule this week, despite a ransomware attack that recently crippled a software provider that helps manage time and leave for more than 35,000 state employees. The State Auditor’s Office reassured employees Monday that checks will be deposited on schedule Friday. For additional assurance, officials urged state workers to check ...
- QNAP NAS devices hit in surge of ech0raix ransomware attacks
December 27, 2021
Users of QNAP network-attached storage (NAS) devices are reporting attacks on their systems with the eCh0raix ransomware, also known as QNAPCrypt. The threat actor behind this particular malware intensified their activity about a week before Christmas, taking control of the devices with administrator privileges. Attack count jumps before Christmas BleepingComputer forum users managing QNAP and Synology NAS systems ...
- Rook ransomware is yet another spawn of the leaked Babuk code
December 24, 2021
A new ransomware operation named Rook has appeared recently on the cyber-crime space, declaring a desperate need to make “a lot of money” by breaching corporate networks and encrypting devices. Although the introductory statements on their data leak portal were marginally funny, the first victim announcements on the site have made it clear that Rook is ...
- Honeypot experiment reveals what hackers want from IoT devices
December 22, 2021
A three-year-long honeypot experiment featuring simulated low-interaction IoT devices of various types and locations gives a clear idea of why actors target specific devices. More specifically, the honeypot was meant to create a sufficiently diverse ecosystem and cluster the generated data in a way that determines the goals of adversaries. IoT (Internet of Things) devices are a ...