Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Bitcoin ATM operator Coin Cloud suffers severe data breach
November 13, 2023
Coin Cloud, a prominent Bitcoin ATM operator, has fallen victim to a significant security breach in a recent development that has shaken the cryptocurrency world. Hackers, whose identities remain unknown, have reportedly seized control of Coin Cloud’s backend system source code and accessed sensitive customer data, including 70,000 client selfies and personal details of around 300,000 ...
- Data breach of Michigan healthcare giant exposes millions of records
November 13, 2023
Michigan-based healthcare nonprofit McLaren Health Care notified more than 2 million people about a data breach exposing personal information on Thursday, according to a data breach notification report. Unauthorized access to McLaren systems began on July 28 and lasted through August, but the individual impact varies from person to person. According to a notice on ...
- Boeing confirms ransomware attack as stolen data released by cybercrime gang Lockbit
November 11, 2023
Stolen data from American aircraft manufacturer Boeing has been released online by the cybercrime gang, Lockbit, according to the group’s website. Boeing confirmed a cybersecurity incident involving elements of its parts and distribution business. “We are aware that, in connection with this incident, a criminal ransomware actor has released information it alleges to have taken from ...
- DP World Australia’s port operations hit by cyber attack
November 11, 2023
Global ports operator DP World Australia has restricted access to its ports as it works to contain a cyber security incident that is likely to disrupt the movement of goods for days. DP World Australia detected the incident and began responding on Friday, it said in a statement. DP World Australia, part of Dubai’s state-owned ports giant ...
- Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
November 10, 2023
On October 31, 2023, Atlassian published an advisory on CVE-2023-22518, an Improper authorization vulnerability involving the Confluence Data Center and Server. Initially reported to cause data loss, it was eventually revealed that exploiting this vulnerability allows unauthorized users to reset and create a Confluence instance administrator account, allowing them to perform all admin privileges available to ...
- YouTube shows ads for ad blocker, financial scams
November 10, 2023
After performing local experiments for a few months, YouTube recently expanded its effort to block ad blockers. The move was immediately unpopular with some users, and raised some questions in Europe about whether it was breaking privacy laws. In addition, there are some still some fundamental issues that have some people concerned. In this blog post, ...