GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects

Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects. [TechWeb]( Follow Dark Reading: [RSS]( August 15, 2024 LATEST SECURITY NEWS & COMMENTARY [GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects]( Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of open source projects. ['EastWind' Cyber-Spy Campaign Combines Various Chinese APT Tools]( The likely China-linked campaign is deploying CloudSorcerer and other proprietary binaries belonging to known state-sponsored groups, showing how advanced persistent threat groups often collaborate with each other. [UK Royal Family, Prime Minister Deepfakes Make Rounds on Meta]( According to the researchers, roughly 250 fake advertisements appeared on platforms like Facebook and Instagram, and some are reportedly still up and running. [Cybercriminal Leader 'J.P.Morgan' Busted for Pioneering RaaS Model]( Maksim Silnikau and his associates are accused of developing and distributing notorious ransomware strains such as Reveton and Ransom Cartel, among other criminal acts. [Cybersecurity's Real Challenge Is Communication, Not Just Technology]( By nurturing a security-centric work culture that involves everybody, organizations can overcome challenges with greater agility and confidence. [MORE NEWS /]( [MORE COMMENTARY]( HOT TOPICS [Inc Ransomware Encryptor Contains Keys to Victim Data Recovery]( The threat group is disrupting healthcare organizations. Victims can help themselves, though, even after compromise, by being careful in the decryption process. [DNC Credentials Compromised by 'IntelFetch' Telegram Bot]( The Democratic National Convention soon to take place in Chicago, already under heavy security, faces an additional threat in the form of stolen credentials for delegates. [A Lesson From the CrowdStrike Incident]( The recent outage highlights the critical importance of adhering to established processes and governance frameworks. [DARPA Aims to Ditch C Code, Move to Rust]( The Defense Advanced Research Projects Agency launches TRACTOR program to work with university and industry researchers on creating a translation system that can turn C code into secure, idiomatic Rust code. [The Changing Expectations for Developers in an AI-Coding Future]( AI's proficiency at creating software code won't put developers out of a job, but the job will change to one focused on security, collaboration, and "mentoring" AI models. [MORE]( PRODUCTS & RELEASES [Experian Acquires Behavioral Analytics Company NeuroID]( [Digital Align Inc. Achieves SOC 2 Type 2 Certification for Secure Automation Intelligence]( [Zimperium Teams Up With Okta to Enhance Zero-Trust Identity Threat Protection With AI-Driven Mobile Security Solutions]( [MORE PRODUCTS & RELEASES]( EDITORS' CHOICE [Microsoft Discloses 10 Zero-Day Bugs in Patch Tuesday Update]( Attackers are already actively exploiting six of the bugs and four others are public, including one for which Microsoft has no patch yet. LATEST FROM THE EDGE [How Can Organizations Navigate SEC's Cyber Materiality Disclosures?]( Inconsistencies and lack of information in cybersecurity disclosures highlight the need for organizations to establish a robust materiality assessment framework. LATEST FROM DR TECHNOLOGY [NIST Releases 3 Post-Quantum Standards, Urges Orgs to Start PQC Journey]( Security experts welcomed the long-anticipated publication of the first post-quantum cryptographic standards as a significant milestone. LATEST FROM DR GLOBAL [Ransomware Group Behind Major Indonesian Attack Wears Many Masks]( Brain Cipher made a loud entry to the ransomware scene, but it doesn't seem to be quite as sophisticated as its accomplishment would suggest. WEBINARS - [Digging Out Your Organization's Technical Debt]( - [Securing Your Cloud Assets]( [View More Dark Reading Webinars >>]( WHITE PAPERS - [The Future of Passwords and the Passwordless Evolution]( - [OT Threat Intelligence Report: Fuxnet ICS Malware]( - [The Future of Audit, Risk, and Compliance: Exploring AI's Transformative Impact, Use Cases, and Risks]( - [Google Threat Intelligence]( - [How Cyber Threat Intelligence Empowers the C-Suite]( - [A Year in Review of Zero-Days Exploited In-the-Wild in 2023]( - [Leveling Up Cyber-Threat Intelligence Maturity for More Value and Better Insights]( [View More White Papers >>]( FEATURED REPORTS - [Managing Third-Party Risk Through Situational Awareness]( - [2024 InformationWeek US IT Salary Report]( [View More Dark Reading Reports >>]( Dark Reading Daily -- Published By [Dark Reading]( Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond [here.]( Thoughts about this newsletter? [Give us feedback.](mailto:ContactDarkReading@informa.com) Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: /cdn-cgi/l/email-protection?sp_aid=125163&elq_cid=22844169&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529&utm_source=eloqua&utm_medium=email&utm_campaign=DR_NL_Dark%20Reading%20Daily_08.15.24&sp_cid=54714&utm_content=DR_NL_Dark%20Reading%20Daily_08.15.24&sp_eh=9ec2e0353644c03ce56099bfb161a49d1f8a5a22f0d884f0cd961b89d205d529#ae If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our [Privacy Statement.]( [© 2024]( | [Informa Tech]( | [Privacy Statement]( | [Terms & Conditions]( | [Contact Us](mailto:ContactDarkReading@informa.com)