Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Lemon Duck hacking group adopts Microsoft Exchange Server vulnerabilities in new attacks
May 10, 2021
Researchers have explored the latest activities of the Lemon Duck hacking group, including the leverage of Microsoft Exchange Server vulnerabilities and the use of decoy top-level domains. The active exploit of zero-day Microsoft Exchange Server vulnerabilities in the wild was a security disaster for thousands of organizations. Four critical flaws, dubbed ProxyLogon, impact on-prem Microsoft Exchange Server ...
- NAME:WRECK DNS Bugs: What You Need to Know
May 9, 2021
For most internet users, there’s not much of a perceivable difference between the domain name they want to visit and the server that the domain queries. That’s because the Domain Name System (DNS) protocol does a good job of seamlessly routing users to different IP addresses that are all associated with a single domain name. The ...
- Colonial Pipeline cyberattack shuts down pipeline that supplies 45% of East Coast’s fuel
May 8, 2021
Colonial Pipeline, which accounts for 45% of the East Coast’s fuel, said it has shut down its operations due to a cyberattack. The attack highlights how ransomware and other cyberattacks are increasingly a threat to real-world infrastructure. The company delivers refined petroleum products such as gasoline, diesel, jet fuel, home heating oil and fuel for the ...
- Google teams up with Stop Scams to tackle financial fraud in the UK
May 8, 2021
Google has joined Stop Scams and outlined new measures to try and clamp down on financial fraud in the United Kingdom. On Friday, Vice President and MD of Google UK & Ireland, Ronan Harris, said that Google is the first major tech giant to partner with Stop Scams UK, an industry-led group that aims to tackle ...
- Ryuk ransomware finds foothold in bio research institute through student who wouldn’t pay for software
May 6, 2021
Security researchers have provided insight into how a single student unwittingly became the conduit for a ransomware infection that cost a biomolecular institute a weeks’ worth of vital research. In a report due to be published on Thursday, Sophos described the case, in which the team was pulled in to neutralize an active cyberattack on a ...
- The UNC2529 Triple Double: A Trifecta Phishing Campaign
May 4, 2021
In December 2020, Mandiant observed a widespread, global phishing campaign targeting numerous organizations across an array of industries. Mandiant tracks this threat actor as UNC2529. Based on the considerable infrastructure employed, tailored phishing lures and the professionally coded sophistication of the malware, this threat actor appears experienced and well resourced. This blog post will discuss the ...