Microsoft has cut off access to dozens of its open source projects hosted on GitHub as it investigates how hackers apparently breached the projects and injected password-stealing malware into the code.
Many of the affected projects relate to Microsoft’s cloud service Azure and other tools used by developers to code with AI development apps, such as Claude Code, Gemini’s command line interface, and VS Code.
Read more…
Source: TechCrunch News
Sign up for the Cyber Security Review Newsletter
The latest cyber security news and insights delivered right to your inbox
Related:
- Disrupting the Attack Chain Through Detecting Credential Dumping
March 15, 2019
There are various steps that an attacker must follow in order to execute any successful attack, with the initial compromise being just one stage in the overall attack chain. Once attackers have successfully breached the perimeter of an organization, they enter into the lateral movement phase where they attempt to tiptoe through a network, identifying ...
- Island hopping: The latest security threat you should be aware of
March 12, 2019
While island hopping sounds like a great way to spend a holiday in Thailand or Greece, the term also refers to an advanced cyber attack technique. Though it’s not a new phenomenon, this type of attack increased in prevalence in 2018 and will likely become more and more common. The name ‘island hopping’ comes from a WWII ...
- North Korean Hackers Behind $571M Crypto Heists Says UN Report
March 12, 2019
North Korean backed hacking groups were behind multiple cyberattacks impacting financial institutions and cryptocurrency exchanges as detailed in a report issued by a panel of experts for the United Nations (UN) Security Council. According to the report provided by the panel which comes as a confirmation of what security researchers have previously reported, “cyberspace is used by the DPRK as ...
- New SLUB Backdoor Uses GitHub, Communicates via Slack
March 11, 2019
In mid-February, Kaspersky Lab received a request for incident response from one of its clients. The individual who initially reported the issue to our client refused to disclose the origin of the indicator that they shared. What we do know is that it was a screenshot from one of the client’s internal computers taken on ...
- Georgia county pays a whopping $400,000 to get rid of a ransomware infection
March 9, 2019
Officials in Jackson County, Georgia, paid $400,000 to cyber-criminals this week to get rid of a ransomware infection and regain access to their IT systems. The ransomware hit the county’s internal network last week, on Friday, March 1, 11Alive reported on Wednesday. The infection forced most of the local government’s IT systems offline, with the exception of its website and 911 ...
- Email verification service takes itself offline after 800 million records get publicly exposed
March 8, 2019
An online email verification service has taken itself offline after approximately 809 million of its customers’ emails were exposed through an unprotected server. Researchers discovered a non-password protected MongoDB instance amounting to 150GB of data split across four separate collections last week. They analysed this exposed data, 808,593,939 records in total, and published their findings on Thursday. The exposed ...