Recently, Check Point Research observed threat actors using GitHub to achieve initial infections by utilizing new methods.
Previously, GitHub was used to distribute malicious software directly, with a malicious script downloading either raw encrypted scripting code or malicious executables. Their tactics have now changed and evolved. Threat actors now operate a network of “Ghost” accounts that distribute malware via malicious links on their repositories and encrypted archives as releases. This network not only distributes malware but also provides various other activities that make these “Ghost” accounts appear as normal users.
Read more…
Source: Check Point
Related:
- Here’s a list of proxy IPs to help block KillNet’s DDoS bots
February 6, 2023
A free tool aims is helping organizations defend against KillNet distributed-denial-of-service (DDoS) bots and comes as the US government issued a warning that the Russian cybercrime gang is stepping up its network flooding attacks against hospitals and health clinics. At current count, the KillNet open proxy IP blocklist lists tens of thousands of proxy IP addresses ...
- Italy warns hackers targeting known server vulnerability
February 6, 2023
Thousands of computer servers have been targeted by a global ransomware hacking attack targeting VMware ESXi servers, Italy’s National Cybersecurity Agency (ACN) said on Sunday, warning organisations to take action to protect their systems. The hacking attack sought to exploit a software vulnerability, ACN director general Roberto Baldoni told Reuters, adding it was on a massive ...
- UK Engineering Company Vesuvius Hit by Cyber Attack
February 6, 2023
Vesuvius PLC said Monday that it is currently managing a cyber incident that involved unauthorized access to its systems. The U.K. engineered-ceramics manufacturer said as soon as it was aware of the unauthorized activity, it took the necessary steps to respond, including shutting down affected systems. Read more… Source: Market Watch
- Okta customers report dramatic increase in cyber-attacks
February 3, 2023
A marketing survey from digital identity firm Okta fielded in the first quarter of last year highlights dangers that, while hardly unknown, are sobering. The survey and report examined the state of secure identity, and came up with three facts the market needs to come to grips with. Read more… Source: Biometric Update
- TgToxic Malware’s Automated Framework Targets Southeast Asia Android Users
February 3, 2023
Trend Micro researchers analyzed an ongoing campaign that has been targeting Android users in Southeast Asia since July 2022. Its goal is to steal victims’ assets from finance and banking applications (such as cryptocurrency wallets, credentials for official bank apps on mobile, and money in deposit), via a banking trojan they named TgToxic (detected by Trend ...
- Tallahassee Memorial hospital victim of suspected ransomware attack
February 3, 2023
Tallahassee Memorial HealthCare is postponing all non-emergency patient procedures as officials manage an Information Technology security issue that occurred late Thursday night, according to a memo from the hospital. The IT security breach is a suspected ransomware attack, according to sources with knowledge of the situation. Read more… Source: Florida Politics