The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
Threatpost
Posts tagged "code"
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
The data-extortion gang got at Microsoft’s Azure DevOps server. Meanwhile, fellow Lapsus$ victim and authentication firm Okta said 2.5 percent of customers were affected in its own Lapsus$ attack.
Threatpost
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak
The move comes just a week after GPU-maker NVIDIA was hit by Lapsus$ and every employee credential was leaked.
Threatpost
Conti Ransomware Decryptor, TrickBot Source Code Leaked
The decryptor spilled by ContiLeaks won’t work with recent victims. Conti couldn’t care less: It’s still operating just fine. Still, the dump is a bouquet’s worth of intel.
Threatpost
Iranian State Broadcaster Clobbered by ‘Clumsy, Buggy’ Code
Researchers said a Jan. 27 attack that aired footage of opposition leaders calling for assassination of Iran’s Supreme Leader was a clumsy and unsophisticated wiper attack.
Threatpost
BotenaGo Botnet Code Leaked to GitHub
The malware had already put millions of routers and IoT devices at risk, and now any noob can have at it.
4-Year-Old Microsoft Azure Zero-Day Exposes Web App Source Code
The security vulnerability could expose passwords and access tokens, along with blueprints for internal infrastructure and finding software vulnerabilities.
Threatpost
Java Code Repository Riddled with Hidden Log4j Bugs; Here’s Where to Look
There are 17,000npatched Log4j packages in the Maven Central ecosystem, leaving massive supply-chain risk on the table from Log4Shell exploits.
Threatpost
Malicious PyPI Code Packages Rack Up Thousands of Downloads
The Python code repository was infiltrated by malware bent on data exfiltration from developer apps and more.
Threatpost
Malicious npm Code Packages Built for Hijacking Discord Servers
The lurking code-bombs lift Discord tokens from users of any applications that pulled the packages into their code bases.
Threatpost