Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- 23andMe user data breached in credential-stuffing attack
October 7, 2023
Biotech company 23andMe, known for its DNA testing kits, said the leak occurred through a credential-stuffing attack. A credential-stuffing attack involves user information that has already been compromised (usernames and passwords, for example) from one organization, which a hacker obtains and attempts to reuse with a second organization — in this case, 23andMe. Because of the ...
- MGM Resorts estimates $100M loss due to cyber attack
October 6, 2023
MGM Resorts sent a letter to customers regarding the recent cyber incident that took place on Sept. 11. MGM Resorts stated that on or around Sept. 29, it determined that an unauthorized third party obtained the personal information of some of its customers on Sept. 11. The company also said it filed an 8-K form with ...
- Qakbot-affiliated actors distribute Ransom Knight malware despite infrastructure takedown
October 5, 2023
In a late August 2023 operation involving the FBI and many international partners, law enforcement agencies seized the infrastructure and cryptocurrency assets used by the Qakbot malware, dealing considerable damage to the group’s operations. Many people in the security industry wondered whether this would mean that the Qakbot affiliates were gone forever or just temporarily ...
- NSA and CISA Release Advisory on Top Ten Cybersecurity Misconfigurations
October 5, 2023
Today, the National Security Agency (NSA) and Cybersecurity and Infrastructure Security Agency (CISA) released a joint cybersecurity advisory (CSA), NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations, which provides the most common cybersecurity misconfigurations in large organizations, and details the tactics, techniques, and procedures (TTPs) actors use to exploit these misconfigurations. The ...
- Clorox shares touch more than 5-year low on financial hit from cyber attack
October 5, 2023
Shares in Clorox were down 8.1% on Thursday, after hitting their lowest level since May 2018, after the cleaning supplies company’s warned that an August cyber attack would push it into a quarterly loss and slash up to 28% off its revenue. On Aug 14 Clorox said it took some systems offline after unauthorized activity disrupted ...
- Sony confirms cyber-attack exposed details of nearly 7000 current and former employees
October 5, 2023
Sony Interactive Entertainment has confirmed the personal information of 6,791 former and current employees was exposed as part of a cyber-attack in June. According to a report the data breach was carried out by the Clop ransomware group. Sony is now contacting anyone affected and is offering credit monitoring and identity restoration services. In correspondence notifying ...