Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- New Zealand: Hackers email Mediaworks data breach victims demanding NZ$820
March 18, 2024
Hackers connected to a MediaWorks data breach are demanding a ransom of US$500 (NZ$820) in cryptocurrency from one of the victims of the data leakage. MediaWorks has confirmed a database containing information from individuals who entered its online competitions has been breached. It follows a post on an internet forum on Thursday, which claimed to have ...
- Ethereum’s Create2: A Double-Edged Sword In Blockchain Security
March 18, 2024
Ethereum’s CREATE2 function is being exploited by attackers to compromise the security of digital wallets, bypassing traditional security measures and facilitating unauthorized access to funds. The attack method involves tricking users into approving transactions for smart contracts that haven’t been deployed yet, allowing cybercriminals to later deploy malicious contracts and steal cryptocurrencies. This vulnerability highlights the ...
- Tech giant Fujitsu says it was hacked, warns of data breach
March 18, 2024
Multinational technology giant Fujitsu confirmed a cyberattack in a statement Friday, and warned that hackers may have stolen personal data and customer information. “We confirmed the presence of malware on multiple work computers at our company, and as a result of an internal investigation, we discovered that files containing personal information and customer information could be ...
- Mandatory cyber requirements after Change Healthcare attack opposed by health sector
March 18, 2024
The American Hospital Association has opposed mandatory cybersecurity requirements proposed for the healthcare sector following the ransomware attack against Change Healthcare, which has resulted in widespread prescription processing outages across the U.S. “Imposing fines or cutting Medicare payments would diminish hospital resources needed to combat cybercrime and would be counterproductive to our shared goal of preventing ...
- Southeast Asia’s three-nation partnership to fight cyber threats
March 17, 2024
From rampant job scams to sophisticated e-commerce attacks, cyber threats in Southeast Asia are skyrocketing. Singapore reportedly had more than 46,000 cybercrime cases in 2023, including job scams and e-commerce scams, the highest since 2016. Things were almost as bad in Malaysia. Cases involving social media scams reportedly increased by 37 percent from January to November 2023 ...
- Russia foiled 280,000 DDoS cyberattacks against remote electronic voting system
March 17, 2024
Speaking at a news conference in Moscow, Ella Pamfilova, head of Russia’s Central Election Commission, said that the overall turnout in the presidential election as of 3:45 p.m. Moscow time (1245GMT), taking into account remote electronic voting, is 70.81%. Pamfilova also said that about 280,000 DDoS cyberattacks against remote electronic voting had been foiled, including 215,000 ...