Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Hackers Breach 3.5 Million MobiFriends Dating App Credentials
May 8, 2020
The emails, hashed passwords and usernames of 3.5 million users of the dating app MobiFriends were put up for sale on an underground forum. The credentials of 3.5 million users of MobiFriends, a popular dating app, have surfaced on a prominent deep web hacking forum, according to researchers. MobiFriends is an online service and Android app designed to help ...
- SilverTerrier: New COVID-19 Themed Business Email Compromise Schemes
May 7, 2020
Focusing on one of the most active subsets of the global threat landscape, Palo Alto Networks Unit 42 tracks Nigerian cyber criminals involved in Business Email Compromise (BEC) activities under the name SilverTerrier. Over the past 90 days (Jan. 30 – Apr. 30), we have observed three SilverTerrier actors/groups launch a series of 10 COVID-19 themed ...
- Targeted Ransomware Attack Hits Taiwanese Organizations
May 6, 2020
A new targeted attack has infected several organizations in Taiwan with a new ransomware family, which we have dubbed ColdLock. This attack is potentially destructive as the ransomware appears to target databases and email servers for encryption. The information we gathered indicates that this attack started hitting organizations in early May. Analysis of the malware points ...
- Coinminer, DDoS Bot Attack Docker Daemon Ports
May 6, 2020
Researchers found an open directory containing malicious files, which was first reported in a series of Twitter posts by MalwareHunterTeam. Analyzing some of the files, we found a malicious cryptocurrency miner and Distributed Denial of Service (DDoS) bot that targets open Docker daemon ports. The attack starts with the shell script named mxutzh.sh, which scans for open ports (2375, ...
- DDoS attacks in Q1 2020
May 6, 2020
Since the beginning of 2020, due to the COVID-2019 pandemic, life has shifted almost entirely to the Web — people worldwide are now working, studying, shopping, and having fun online like never before. This is reflected in the goals of recent DDoS attacks, with the most targeted resources in Q1 being websites of medical organizations, ...
- Excel Files with Hidden Sheets Target Users in Italy
May 5, 2020
A spam campaign using emails that have Excel file (.xls) attachments (detected by Trend Micro as Trojan.XF.HIDDBOOK.THDBHBO) has been seen circulating and targeting users in Italy and some users in Germany and other countries. The attachment appears blank when opened, but it has a sheet set to “hidden” that attempts to connect to a URL and download a ...