github (12)

12404722692?profile=RESIZE_400xThe Checkmarx Research team recently discovered an attack campaign targeting the software supply chain, with evidence of successful exploitation of multiple victims.  These include the GitHub organization (a community of over 170k users) and several individual developers.  The threat actors used multiple TTPs in this attack, including account takeover via stolen browser cookies, contributing malicious code with verified commits, setting up a custom Python mirror, and publishing malicious

12402052463?profile=RESIZE_400xA new phishing campaign has been observed delivering Remote Access Trojans (RAT) such as VCURMS and STRRAT using a malicious Java-based downloader.  The attackers stored malware on public services like Amazon Web Services (AWS) and GitHub, employing a commercial protector to avoid detection of the malware, an unusual aspect of the campaign is VCURMS' use of a Proton Mail email address ("sacriliage@proton[.]me") for communicating with a command-and-control (C2) server.

The attack chain commences

12366120476?profile=RESIZE_400xGoogle continues to struggle with cybercriminals running malicious ads on its search platform to trick people into downloading booby-trapped copies of popular free software applications.  The malicious ads, which appear above organic search results and often precede links to legitimate sources of the same software, can make searching for software on Google a dicey affair.

Google says keeping users safe is a top priority, and that the company has a team of thousands working around the clock to cr

12293629454?profile=RESIZE_400xRecently, security researchers have uncovered close to 4,000 unique secrets inside nearly 3,000 PyPI packages   and says that more than 760 of these secrets were found to be valid.  Overall, the researchers identified 151 individual types of secrets, including AWS, Azure AD, GitHub, Dropbox, and Auth0 keys, credentials for MongoDB, MySQL, and PostgreSQL, and SSH, Coinbase, and Twilio Master credentials.

Valid credentials pose a critical and immediate threat to organizations, as

12258181264?profile=RESIZE_400xA new deceptive campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers.  The malicious code exfiltrates the GitHub project's defined secrets to a malicious C2 server and modify any existing javascript files in the attacked project with a web-form password-stealer malware code effecting any end-user submitting its password in a web form.  The malware is also designed to capture GitHub

12219035090?profile=RESIZE_192XDoDo ransomware was first reported last February of 2023.  It is a variant of the widely reported and observed Chaos ransomware.  Because it is a derivative, the DoDo ransomware is not considered new and recent.  However, a slightly different version of the DoDo ransomware has recently emerged, described below.[1]

Infection Vector - DoDo ransomware samples have the “Mercurial Grabber” file icon, which indicates the ransomware was likely distributed as such.  Mercurial Grabber is an open-source m

12187383682?profile=RESIZE_400xCybersecurity researchers have discovered new malicious packages on the npm package registry that are designed to exfiltrate sensitive developer information.  The npm registry is a public database of JavaScript packages that developers use to contribute packages to the community or download packages for their own projects.  The default npm public registry is found at npm is configured to use this registry by default, but it can be configured to use any compatible regi

12167935268?profile=RESIZE_400xThe Lazarus Group is North Korean state sponsored cybercrime group and they have been credited, in one way or another, with a recent social engineering campaign targeting developers on GitHub.  They are said to have been created by the North Korean government as early as 2007 and they are a part of the RGB, which is North Korea’s primary foreign intelligence agency.  “Lazarus Group” would appear to be the primary identity of the group, but they do have several aliases such as Appleworm, Group 77

12128282279?profile=RESIZE_400xExploit and vulnerability intelligence provider VulnCheck  has issued a warning over fake security researcher accounts distributing malware disguised as zero-day exploits for popular software.  The campaign was discovered in early May 2023, when researchers found a GitHub repository hosting code that its author claimed to be a zero-day for the Signal messaging application.  The cybersecurity firm continued finding such accounts on GitHub, offering what they claimed to be z

10952854294?profile=RESIZE_400xGitHub states that hackers gained access to its code repositories and stole code-signing certificates for two of its desktop apps: Desktop and Atom.  Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use.

GitHub revealed that on 7 December 2022, hackers gained unauthorized access to several of its code repositories and stolen code-signing certificates for two of its desktop apps: Atom and Desktop.  

10908522863?profile=RESIZE_400xA newly discovered web skimming campaign running for the past year has already compromised over 40 e-commerce sites, according to researchers.  The JavaScript protection vendor revealed that “Group X,” which exfiltrated card data to a server in Russia, used a novel supply-chain technique to compromise its victims.  The cyber-criminals exploited a third-party software named Cockpit, a free web marketing and analytics service that was discontinued in December 2014.   Cockpit is a JavaScript librar

10828243262?profile=RESIZE_400xThe Svalbard Seed Vault in Norway safeguards duplicates of 1,165,041 seed varieties from almost every country, with room for millions more.  Its purpose is to back up gene bank collections to secure the foundation of our future food supply.   The Seed Vault is the ultimate insurance policy for the world’s food supply, securing millions of seeds representing every important crop variety available today and offering options for future generations to overcome the challenges of climate change and po