Tag: GitHub
Hackers Use CircleCI Fake Notifications to Access GitHub Accounts
GitHub warns that a large-scale phishing campaign aimed at users began on September 16: scammers send emails with fake notifications on behalf of the CircleCI service, which is used for continuous development and deployment. Let me remind you that we also said that GitHub will replace the term “master” with a more neutral one,…
Developer of CodeRAT Trojan Releases Source Code
The source code for the CodeRAT remote access trojan has been published on GitHub. This happened after security researchers identified the malware developer and called him to account for the attacks in which this “tool” was used. SafeBreach experts say that the attacks using CodeRAT were built as follows: the campaign was aimed…
Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses
Trend Micro experts have discovered that hackers are abusing the anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. Mhypro2.sys gives access to the memory of any process and to the kernel, and is also able to terminate processes with the highest privileges. Let me remind you that we also…
GitHub will remove exploits for vulnerabilities under attack
Last week GitHub management announced that they are making changes to the anti-malware rules and will remove exploits for vulnerabilities that are under active attack. Let me remind you that the revision of the rules is a direct consequence of the scandal that erupted in March 2021. At that time, Microsoft, which owns GitHub, reported a series of…
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers are reviewing the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that…
GitHub removed ProxyLogon exploit and has been criticized
The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, and information security specialists have sharply criticized the decision. Yesterday we wrote that an independent information security researcher from Vietnam had published on GitHub the first real PoC exploit for the serious set of ProxyLogon vulnerabilities recently discovered…
Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds
Studies continue of the large-scale supply chain attack in which attackers compromised SolarWinds and its Orion platform. It seems that experts have now discovered another hack group that used SolarWinds software to host the Supernova and CosmicGale malware on corporate and government networks. Let me remind you that the malware used in the original attack…
Malicious packages found in RubyGems repository again
Sonatype experts have discovered the pretty_color and ruby-bitcoin malicious packages in the official RubyGems repository. The malware has already been removed from the platform. The malware hidden in the mentioned packages targeted Windows machines and replaced the addresses of any cryptocurrency wallets in the clipboard with the attackers’ wallet address. In essence, the malware helped…
SolarWinds was hacked because its credentials were publicly available on GitHub
Earlier this week, a massive supply chain attack that affected SolarWinds and its customers was reported. SolarWinds may have been hacked because its credentials were publicly available on GitHub for a while. The list of victims continues to grow, and it is now known that hackers have compromised: the American information security company FireEye;…
Researchers discovered four npm packages that were collecting user data
Sonatype identified four npm packages that collected data about user machines, such as IP addresses, computer username, home directory path, processor model, and country and city information, and sent it to their creator. The discovery was originally made by Sonatype’s malware detection bots, which scan millions of applications. “Following alerts from the Sonatype bots, our security research team…