SLUB Backdoor Receives Commands From GitHub and Communicates Through Slack
Security researchers have discovered that the new SLUB backdoor is receiving attack commands from GitHub and relying on Slack for communicating with its attackers.
New Reverse Proxy Tool Can Bypass Two-Factor Authentication and Automate Phishing Attacks
A new reverse proxy tool called Modlishka can easily automate phishing attacks and bypass two-factor authentication (2FA) — and it's available for download on GitHub.
Researchers Observe Threat Actor Using Varied Tools and Payloads to Distribute Monero Miners
Researchers observed a new threat actor known as Rocke leveraging a varied tool kit and multiple payloads to distribute cryptomining malware, including Monero miners.
New Zero-Day Vulnerability for Windows Tweeted, Immediately Exploited
A new zero-day vulnerability affecting Windows 7 through 10 was recently disclosed on Twitter. Within two days, security researchers spotted it in the wild.
Adversarial AI: As New Attack Vector Opens, Researchers Aim to Defend Against It
While fraudsters have yet to master adversarial AI, the only way for the security community to get ahead of the emerging threat is through collaborative defense.
Git Vulnerabilities Found in Version Control Systems
Three popular version control systems were found to contain vulnerabilities that could enable threat actors to steal source code.
GitPwnd Shows How Threat Actors Could Hijack Git Repositories in Software Development
Researchers have created a tool that uses Git repositories to demonstrate how Agile and other software development approaches could have security issues.
Malware Attack Targets Open Source Developers
A recent phishing campaign targeted GitHub developers with Dimnie malware, which enables fraudsters to alter open source code packages.
Publicly Stored Security Key May Have Enabled Uber Data Breach
A recent data breach at Uber may have been enabled by a security key stored on a public GitHub page, according to a lawsuit filed by Uber.