Tag: github
-
Anonymous Sudan isn’t any more: two alleged operators named, charged
Tags: githubGang said to have developed its evilware on GitHub then DDoSed GitHub First seen on theregister.com Jump to article: www.theregister.com/2024/10/17/anonymous_sudan_arrests_charges/
-
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors.”In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…
-
GitHub, Telegram Bots, and QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a way to bypass security measures and deliver Remcos RAT, indicating that the method is gaining traction among threat actors.”In this campaign, legitimate repositories such as the open-source tax filing software, UsTaxes, HMRC, and…
-
Ghidra data type archive for Windows driver functions
Cisco Talos is releasing a GDT file on GitHub that contains various definitions for functions and data types. First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/ghidra-data-type-archive-for-windows-drivers/
-
Hackers Hide Remcos RAT in GitHub Repository Comments
The tack highlights bad actors’ interest in trusted development and collaboration platforms, and their users. First seen on darkreading.com Jump to article: www.darkreading.com/vulnerabilities-threats/hackers-hide-remcos-rat-github-comments
-
China-Backed APT Group Culling Thai Government Data
CeranaKeeper is bombarding Southeast Asia with data exfiltration attacks via file-sharing services such as Pastebin, OneDrive, and GitHub, researchers say. First seen on darkreading.com Jump to article: www.darkreading.com/cyberattacks-data-breaches/new-china-backed-apt-group-culling-thai-government-data
-
Neue APT-Gruppe CeranaKeeper missbraucht Dropbox und Github
Bei Angriffen auf thailändische Behörden erbeuteten Cyberkriminelle Daten, indem sie verschlüsselte Dateien zu Filesharing-Diensten hochluden. First seen on heise.de Jump to article: www.heise.de/news/Neue-APT-Gruppe-CeranaKeeper-missbraucht-Dropbox-und-Github-9961562.html
-
CVE-2024-47076, CVE-2024-47175, CVE-2024-47176, CVE-2024-47177: Frequently Asked Questions About Common UNIX Printing System (CUPS) Vulnerabilities
Frequently asked questions about multiple vulnerabilities in the Common UNIX Printing System (CUPS) that were disclosed as zero-days on September 26. Background The Tenable Security Response Team (SRT) has compiled this blog to answer Frequently Asked Questions (FAQ) regarding a series of vulnerabilities in the Common UNIX Printing System (CUPS). We will update this blog…
-
Beware Of Fake Captcha Attacks That Delivers Lumma Stealer Malware
In the past four weeks, a significant increase in malware distribution attempts via fake Captcha campaigns has been observed, targeting over 1.4 million users. Lumma Stealer, a hazardous malware designed for data theft, is the primary payload being distributed. Cybercriminals leverage phishing emails, such as the recent GitHub Security Team impersonation, to lure victims to…
-
Cybersecurity Snapshot: Critical Infrastructure Orgs Found Vulnerable to Basic Hacks, While New MITRE Tool Uses ML to Predict Attack Chains
Tags: access, advisory, apache, attack, authentication, botnet, business, cctv, ceo, china, cisa, cloud, computer, control, credentials, cyber, cyberattack, cybersecurity, data, defense, detection, firmware, framework, github, google, government, group, guide, hacker, identity, infrastructure, intelligence, international, Internet, iot, least-privilege, linkedin, linux, login, malicious, malware, mfa, microsoft, mitigation, mitre, ml, mobile, network, nist, office, password, phishing, risk, risk-management, router, service, software, supply-chain, tactics, technology, threat, tool, vulnerability, vulnerability-management, windows, xssReport finds that many critical infrastructure networks can be breached using simple attacks. Plus, a new MITRE Engenuity tool uses machine learning to infer attack sequences. Meanwhile, CISA will lead a project to standardize civilian agencies’ cyber operations. And get the latest on XSS vulnerabilities, CIS Benchmarks and a China-backed botnet’s takedown! Dive into six…
-
Clever ‘GitHub Scanner’ campaign abusing repos to push malware
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new “issue” on an open source repository falsely claiming that the project contains a “security vulnerability.” First seen on bleepingcomputer.com Jump to article:…
-
JFrog und GitHub stärken Zusammenarbeit mit Copilot-Chat und Software-Supply-Chain-Schutz
Die Integration von JFrog in GitHub ermöglicht eine nahtlose und sichere Verfolgung des Codes von der Quelle bis zu den resultierenden Binärdateien auf beiden Plattformen, unterstützt durch folgende zentrale Funktionen: First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-github-staerken-zusammenarbeit-mit-copilot-chat-und-software-supply-chain-schutz/a38345/
-
JFrog integriert GitHub und optimiert sicheres Software Supply Chain Management
Im Rahmen einer fortlaufenden Initiative wollen beide Unternehmen eine Roadmap für kontinuierliche Verbesserungen aufstellen, um sicherzustellen, dass… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-integriert-github-und-optimiert-sicheres-software-supply-chain-management/a37534/
-
Check Point entdeckt erfolgreiches Malware-Netzwerk auf GitHub
GitHub, der weltweit größte Quellcode-Host, ist integraler Bestandteil von über 100 Millionen Entwicklern und bietet mehr als 420 Millionen Repositori… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-erfolgreiches-malware-netzwerk-auf-github/a37903/
-
3,000 >>ghost accounts<< on GitHub spreading malware
In the past, cyber criminals directly distributed malware on GitHub using encrypted scripting code or malicious executables. But now threat actors are… First seen on securityintelligence.com Jump to article: securityintelligence.com/news/3000-ghost-accounts-github-malware/
-
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped s… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/github-actions-vulnerable-to.html
-
GitHub Copilot Autofix tackles vulnerabilities with AI
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 mi… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366603045/GitHub-Copilot-Autofix-tackles-vulnerabilities-with-AI
-
Stargazers Ghost: 3.000 falsche GitHub Accounts verbreiten Malware
Das Hacker-Netzwerk ‘Stargazers Ghost nutzt den Quellcode-Host GitHub, um über gefälschte Accounts Malware zu verbreiten, wie Sicherheitsforscher von … First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/stargazers-ghost-3-000-falsche-github-accounts-verbreiten-malware
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
Kudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos
A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malwarebytes. The scammers are using a combination of purchased Google... First seen on securityonline.info Jump to article: securityonline.info/beware-mac-users-fake-applecare-support-scam-lures-victims-via-github-repos/
-
You probably want to patch this critical GitHub Enterprise Server bug now
First seen on theregister.com Jump to article: www.theregister.com/2024/08/21/patch_github_enterprise_bug/
-
GitHub comments abused to push password stealing malware masked as fixes
Source: www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes/ comments: 0
-
Attackers Spread Lumma Stealer Malware GitHub Comments
Cybercriminals are leveraging platforms like GitHub to spread the Lumma information stealer malware. This sophisticated threat is part of a growing tr… Source: gbhackers.com/lumma-stealer-malware-github/ comments: 0
-
GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices
Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/github-copilot-security-and-privacy-concerns-understanding-the-risks-and-best-practices/
-
Admin-Attacken auf GitHub Enterprise Server möglich
Tags: githubFirst seen on heise.de Jump to article: www.heise.de/news/Admin-Attacken-auf-GitHub-Enterprise-Server-moeglich-9843620.html
-
Copilot Autofix by GitHub launches
Tags: githubFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/copilot-autofix-by-github-launches
-
There is no real fix to the security issues recently found in GitHub and other similar software
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-sour… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/
-
Researcher says deleted GitHub data can be accessed ‘forever’
Truffle Security researcher John Leon warned GitHub users that deleted repository data is never actually deleted, which creates an enormous attack vec… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366599096/Researcher-says-deleted-GitHub-data-can-be-accessed-forever