Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits

Experts from the Leiden Institute for Advanced Computer Science have discovered thousands of GitHub repositories with fake PoC exploits for various vulnerabilities that spread malware. It turned out that the probability of infection with malware when downloading PoC can reach 10.3%, even if outright fakes are excluded. Let me remind you that we also reported… Continue reading Thousands of GitHub Repositories Spread Malware That Is Disguised as Exploits

Hackers Use CircleCI Fake Notifications to Access GitHub Accounts

GitHub warns that a large-scale phishing campaign aimed at users began on September 16: scammers send emails with fake notifications on behalf of the Circle CI service, which is used for continuous development and deployment. Let me remind you that we also said that GitHub will replace the term “master” with a more neutral one,… Continue reading Hackers Use CircleCI Fake Notifications to Access GitHub Accounts

Developer of CodeRAT Trojan Releases Source Code

The source code for the CodeRAT remote access trojan has been published on GitHub. This happened after the security researchers identified the malware developer and called him to account because of the attacks in which this “tool” was used. SafeBreach experts say that the attacks using CodeRAT were built as follows: the campaign was aimed… Continue reading Developer of CodeRAT Trojan Releases Source Code

Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

Trend Micro experts have discovered that hackers are abusing the system anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. Mhypro2.sys gives access to the memory of any process and kernel, and is also able to terminate processes with the highest privileges. Let me remind you that we also… Continue reading Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses

GitHub will remove exploits for vulnerabilities under attack

Last week the GitHub management announced that they are making changes to the anti-malware rules and will remove exploits that are under attack. Let me remind you that the revision of the rules is a direct consequence of the scandal that erupted in March 2021. That time, Microsoft, which owns GitHub, reported a series of… Continue reading GitHub will remove exploits for vulnerabilities under attack

GitHub Developers Review Exploit Posting Policy Due to Recent Scandal

The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal

GitHub removed ProxyLogon exploit and has been criticized

The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, though information security specialists have sharply criticized GitHub. Yesterday we wrote that an independent information security researcher from Vietnam published on GitHub the first real PoC exploit for a serious set of ProxyLogon vulnerabilities recently discovered… Continue reading GitHub removed ProxyLogon exploit and has been criticized

Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds

Continue studies oт large-scale attack on the supply chain, for which attackers compromised SolarWinds and its Orion platform. It seems that experts have now discovered another hack group that used SolarWinds software to host Supernova and CosmicGale malware on corporate and government networks. Let me remind you that the malware used in the original attack… Continue reading Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds

Malicious packages found in RubyGems repository again

Sonatype experts have discovered the pretty_color and ruby-bitcoin malicious packages in the official RubyGems repository. The malware has already been removed from the platform. The malware hidden in the mentioned packages targeted Windows machines and replaced the addresses of any cryptocurrency wallets in the clipboard with the attackers’ wallet address. In essence, the malware helped… Continue reading Malicious packages found in RubyGems repository again

SolarWinds was hacked because its credentials were publicly available on GitHub

Earlier this week was reported a massive attack on the supply chain that affected SolarWinds and its customers. SolarWinds may have been hacked because its credentials were publicly available on GitHub for a while. The list of victims continues to grow, and it is now known that hackers have compromised: American information security company FireEye;… Continue reading SolarWinds was hacked because its credentials were publicly available on GitHub