Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- PYSA ransomware behind most double extortion attacks in November
December 21, 2021
Security analysts from NCC Group report that ransomware attacks in November 2021 increased over the past month, with double-extortion continuing to be a powerful tool in threat actors’ arsenal. Threat actors’ focus is also shifting to entities belonging to the government sector, which received 400% more attacks than in October. The spotlight in November was stolen by ...
- Russian hackers made millions by stealing SEC earning reports
December 21, 2021
A Russian national working for a cybersecurity company has been extradited to the U.S. where he is being charged for hacking into computer networks of two U.S.-based filing agents used by multiple companies to file quarterly and annual earnings through the Securities and Exchange Commissions (SEC) system. Along with other conspirators, the individual made millions of ...
- After ransomware attack, global logistics firm Hellmann warns of scam calls and mail
December 20, 2021
German logistics giant Hellmann has warned its customers and partners to be on the lookout for fraudulent calls and mail after the company was hit with a ransomware attack two weeks ago. In an update about the cyberattack that initially forced them to remove all connections to their central data center, the company said business operations ...
- Scammers grabbed $7.7 billion worth of cryptocurrency in 2021, say researchers
December 20, 2021
Cryptocurrency-based scammers and cyber criminals netted a whopping $7.7 billion worth of cryptocurrency from victims in 2021, marking an 81% rise in losses compared to 2020, according to blockchain analysis firm, Chainalysis. Some $1.1 billion of the $7.7 billion in losses were attributed to a single scheme which allegedly targeted Russia and Ukraine, it said. “As the ...
- Log4j vulnerability now used to install Dridex banking malware
December 20, 2021
Threat actors now exploit the critical Apache Log4j vulnerability named Log4Shell to infect vulnerable devices with the notorious Dridex banking trojan or Meterpreter. The Dridex malware is a banking trojan originally developed to steal online banking credentials from victims. However, over time, the malware has evolved to be a loader that downloads various modules that can ...
- Russian hackers leak confidential UK police data on the ‘dark web’ after their ransom was rejected
December 19, 2021
Confidential information held by some of Britain’s police forces has been stolen by Russian hackers in an embarrassing security breach, The Mail on Sunday can reveal. The cyber-criminal gang Clop has released some of the material it plundered from an IT firm that handles access to the police national computer (PNC) on the so-called ‘dark web’ ...