16 Oct, 2024

Crypto-stealing malware campaign infects 28,000 people

Over 28,000 people from Russia, Turkey, Ukraine, and other countries in the Eurasian region were impacted by a large-scale cryptocurrency-stealing malware campaign. The malware campaign disguises itself as legitimate software promoted via YouTube videos and fraudulent GitHub repositories where victims download password-protected archives that initiate the infection. According to cybersecurity firm Dr. Web, the campaign […]

3 mins read

Critical flaw in NVIDIA Container Toolkit allows full host takeover

A critical vulnerability in NVIDIA Container Toolkit impacts all AI applications in a cloud or on-premise environment that rely on it to access GPU resources. The security issue is tracked as CVE-2024-0132 and allows an adversary to perform container escape attacks and gain full access to the host system, where they could execute commands or exfiltrate sensitive information. […]

2 mins read

Clever ‘GitHub Scanner’ campaign abusing repos to push malware

A clever threat campaign is abusing GitHub repositories to distribute the Lumma Stealer password-stealing malware targeting users who frequent an open source project repository or are subscribed to email notifications from it. A malicious GitHub user opens a new “issue” on an open source repository falsely claiming that the project contains a “security vulnerability” and urges […]

4 mins read

GitHub comments abused to spread Lumma Stealer malware as fake fixes

GitHub is being abused to distribute the Lumma Stealer information-stealing malware as fake fixes posted in project comments. The campaign was first reported by a contributor to the teloxide rust library, who noted on Reddit that they received five different comments in their GitHub issues that pretended to be fixes but were instead pushing malware. Further review by GeekFeed […]

2 mins read

GitHub Enterprise Server vulnerable to critical auth bypass flaw

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. The security issue is identified as CVE-2024-6800 and received a 9.5 severity rating as per the CVSS 4.0 standard. It is described as an XML signature wrapping problem that occurs […]

2 mins read

GitHub Actions artifacts found leaking auth tokens in popular projects

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD workflows. Attackers stealing these tokens could gain unauthorized access to private repositories, steal source code, or inject malicious code into projects. The discovery by Palo Alto Networks’ Unit 42 […]

4 mins read

Over 3,000 GitHub accounts used by malware distribution service

Threat actors known as ‘Stargazer Goblin’ have created a malware Distribution-as-a-Service (DaaS) from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware. In most cases, the malware are infostealers, such […]

4 mins read