Visual Studio Marketplace is the latest supply chain attack vector

Aqua Security researchers have found that hackers are using Visual Studio Marketplace to conduct supply chain attacks.

In a new report, the researchers uncovered that attackers could impersonate popular VS Code extensions to trick developers into downloading malicious versions.

VS Code is the most popular IDE, with around 74.48 percent of developers using it. The vast array of extensions available for VS Code is partly what drives its popularity.

Here are some...

Hackers compromised Okta’s private GitHub repos

Okta says hackers compromised its private GitHub repos earlier this month and stole its source code.

BleepingComputer got hold of a “confidential” email notification sent by Okta to its “security contacts” about the breach.

The Identity and Access Management (IAM) solutions leader says GitHub alerted Okta to the suspicious access earlier this month.

“Upon investigation, we have concluded that such access was used to copy Okta code repositories," wrote...

Malware campaign targets official Python and JavaScript repos

An active malware campaign is targeting official Python and JavaScript repositories.

Software supply chain security firm Phylum spotted the campaign. Phylum said that it discovered the campaign after noticing a flurry of activity around typosquats of the popular Python requests package.

Typosquats take advantage of simple typos to install malicious packages.

In this case, the PyPI typos include: dequests, fequests, gequests, rdquests, reauests, reduests,...

Syntax error breaks KmsdBot cryptomining botnet

A syntax error broke an otherwise advanced cryptomining botnet called KmsdBot.

The malware, which could also be used for distributed denial-of-service (DDoS) attacks, was discovered by Akamai Security Research.

Akamai’s researchers witnessed the authors “accidentally crash” KmsdBot after observing the malware stopped sending attack commands after receiving:

!bigdata www.bitcoin.com443 / 30 3 3 100 

The lack of a space between the website and the...

Simon Maple, Snyk: Developing the future of cybersecurity

Simon Maple, field CTO at Snyk, discusses the importance of embedding security into the development stage.

Could you tell us a little bit about the company and what you guys do?

Absolutely. Snyk’s a seven-year-old developer-focused company that happens to specialise in security. So seven years ago it realised there's a big gap where developers were the ones who needed to focus on security. They're the ones who actually fix issues. And so we decided the fix here is to create a...

Cyber Security & Cloud Expo: Examining the 2022 malware landscape

Geopolitical tensions and the largest war in Europe for decades have defined the malware landscape in 2022.

Recorded Future has been capturing global threat information from the internet, dark web, and technical sources for over a decade. The firm combines this vast amount of data with AI and human expertise to spot threats early and provide actionable insights to security professionals.

Toby Wilmington, Manager - Sales Engineering at Recorded Future, provided his...

Better app security cannot start with tools

There is a common trope in science fiction movies where robots start to think for themselves and launch a war with humans for control of Earth.

These storylines come from a familiar place. We continue to see robots, machines, and technological tools replace many traditional jobs requiring a human touch. Many industries, such as manufacturing, rely heavily on these devices, with automation a growing threat to the workforce.

Technological tools remain critical to software...

PyPI maintainers warn of ongoing phishing attack

The maintainers of the Python Package Index (PyPI) have warned of an ongoing phishing attack targeting users.

“Today we received reports of a phishing campaign targeting PyPI users. This is the first known phishing attack against PyPI,” wrote the maintainers in a tweet.

A phishing email is sent to users warning that PyPI is implementing a mandatory ‘validation’ process and that users must follow a link or risk their package being removed:

The...

PyPI package installs cryptominer on Linux systems

A malicious PyPI package was used to install a Monero cryptominer on Linux systems.

The package in question, secretslib, was pushed to the official third-party software repo for Python on 6th August 2022. The package was described as “secrets matching and verification made easy”.

Sonatype’s automated malware detection system flagged secretslib as potentially malicious. Further analysis proved its suspicions to be correct.

“The package covertly runs...

GitHub now sends Dependabot alerts for vulnerable Actions

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions.

GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure.

When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it. Following the creation of an advisory, Dependabot alerts will be sent to impacted...