Trend Micro experts have discovered that hackers are abusing the system anti-cheat driver of the popular game Genshin Impact to disable anti-virus software during ransomware attacks. Mhypro2.sys gives access to the memory of any process and kernel, and is also able to terminate processes with the highest privileges. Let me remind you that we also… Continue reading Genshin Impact Game’s Anti-Cheat Driver Is Used to Disable Antiviruses
Tag: GitHub
GitHub will remove exploits for vulnerabilities under attack
Last week the GitHub management announced that they are making changes to the anti-malware rules and will remove exploits that are under attack. Let me remind you that the revision of the rules is a direct consequence of the scandal that erupted in March 2021. That time, Microsoft, which owns GitHub, reported a series of… Continue reading GitHub will remove exploits for vulnerabilities under attack
GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
The GitHub developers review the exploit posting policy and want to discuss with the information security community a series of changes to the site rules. These rules determine how employees deal with malware and exploits uploaded to the platform. The proposed changes imply that GitHub will establish clearer rules about what counts as code that… Continue reading GitHub Developers Review Exploit Posting Policy Due to Recent Scandal
GitHub removed ProxyLogon exploit and has been criticized
The administration of the GitHub service has removed a real working exploit for the ProxyLogon vulnerabilities in Microsoft Exchange, though information security specialists have sharply criticized GitHub. Yesterday we wrote that an independent information security researcher from Vietnam published on GitHub the first real PoC exploit for a serious set of ProxyLogon vulnerabilities recently discovered… Continue reading GitHub removed ProxyLogon exploit and has been criticized
Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds
Continue studies oт large-scale attack on the supply chain, for which attackers compromised SolarWinds and its Orion platform. It seems that experts have now discovered another hack group that used SolarWinds software to host Supernova and CosmicGale malware on corporate and government networks. Let me remind you that the malware used in the original attack… Continue reading Microsoft: Supernova and CosmicGale malware detected on systems running SolarWinds
Malicious packages found in RubyGems repository again
Sonatype experts have discovered the pretty_color and ruby-bitcoin malicious packages in the official RubyGems repository. The malware has already been removed from the platform. The malware hidden in the mentioned packages targeted Windows machines and replaced the addresses of any cryptocurrency wallets in the clipboard with the attackers’ wallet address. In essence, the malware helped… Continue reading Malicious packages found in RubyGems repository again
SolarWinds was hacked because its credentials were publicly available on GitHub
Earlier this week was reported a massive attack on the supply chain that affected SolarWinds and its customers. SolarWinds may have been hacked because its credentials were publicly available on GitHub for a while. The list of victims continues to grow, and it is now known that hackers have compromised: American information security company FireEye;… Continue reading SolarWinds was hacked because its credentials were publicly available on GitHub
Researchers discovered four npm packages that were collecting user data
Sonatype identified four npm packages that collected and sent to their creator’s data about user machines, such as IP addresses, computer username, home directory path, processor model, and country and city information. The discovery originally made Sonatype malware detection robots that scan millions of applications. “Following alerts from the Sonatype bots, our security research team… Continue reading Researchers discovered four npm packages that were collecting user data
DeepSource Developers Talked about Hacking of Their GitHub Application
A popular automated code analysis tool, DeepSource, is designed to identify vulnerabilities, bugs, and performance issues. Also, for more convenience, it has integration with GitHub, and now the DeepSource developers talked about hacking their GitHub application. DeepSource reported this week that GitHub security had notified them of potentially malicious activity in June. “On July 11th,… Continue reading DeepSource Developers Talked about Hacking of Their GitHub Application
Google Unveiled a Source Code for Tsunami Vulnerability Scanner
Google has unveiled the source code for the Tsunami scanner, a scalable solution for detecting dangerous vulnerabilities with a minimum of false positives. The scanner is aimed at large corporate networks consisting of thousands or even millions of Internet-connected systems. The code is already available on GitHub. Tsunami will not be registered as a Google… Continue reading Google Unveiled a Source Code for Tsunami Vulnerability Scanner