Ax Sharma
Security Researcher | Tech Journalist | 📰 Bylines + seen on: BBC, BleepingComputer, Channel 5, TechCrunch | ✉️ [email protected]
- A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo:
- A threat actor is now advising StackOverflow devs seeking debugging help to install a 'pytoileur' #Python package as a "solution" to their code troubles. 🛑DO NOT fall for this, it's a trap—the package has encoded code hidden on line 17 via whitespace and infects Windows users
- EXCLUSIVE: #Okta says its GitHub source code repositories were stolen this December in a 'confidential' security notification sent to 'security contacts' that include IT managers at various organizations.
- 🚨 Apache has disclosed an *actively exploited* Path traversal flaw in the #opensource "httpd" server. Over 112,000 exposed Apache servers run version 2.4.49, and should be upgraded now! New fix checks for encoded path traversal characters e.g. /../.%2E/ blog.sonatype.com/apache-servers…
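Added illustration, not code from the post or from Apache: a small detector in the spirit of the fix described above. It percent-decodes each request target (bounded, so a double-encoded `%252e` also collapses) and flags any path segment that becomes `..`, run here over constructed Apache access-log lines; the log format and sample requests are assumptions.

```python
import re
from urllib.parse import unquote

# Constructed sample Apache access-log lines (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [05/Oct/2021:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512
203.0.113.7 - - [05/Oct/2021:10:00:02 +0000] "GET /cgi-bin/.%2e/.%2e/.%2e/.%2e/etc/passwd HTTP/1.1" 200 1024
203.0.113.9 - - [05/Oct/2021:10:00:03 +0000] "GET /icons/..%2F..%2Fetc%2Fhosts HTTP/1.1" 404 196
203.0.113.11 - - [05/Oct/2021:10:00:04 +0000] "GET /docs/%252e%252e/%252e%252e/etc/passwd HTTP/1.1" 404 196
203.0.113.13 - - [05/Oct/2021:10:00:05 +0000] "GET /images/logo..png HTTP/1.1" 200 2048
"""

# Pulls method and request-target out of the quoted request line (common log format).
REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+"')


def decode_target(target: str, max_rounds: int = 3) -> str:
    """Percent-decode the path part repeatedly (bounded) so that
    single-encoded (%2e) and double-encoded (%252e) dots both collapse."""
    path = target.split("?", 1)[0]
    for _ in range(max_rounds):
        decoded = unquote(path)
        if decoded == path:
            break
        path = decoded
    return path


def is_traversal(target: str) -> bool:
    """True if any path segment equals '..' once all encoding layers are removed.
    A literal '..' inside a filename (e.g. 'logo..png') is not a traversal."""
    return any(seg == ".." for seg in decode_target(target).split("/"))


def flag_traversal(log_text: str) -> list[tuple[str, str]]:
    """Return (client_ip, decoded_path) for every log line carrying a traversal attempt."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if m and is_traversal(m.group("target")):
            hits.append((line.split()[0], decode_target(m.group("target"))))
    return hits


if __name__ == "__main__":
    for ip, path in flag_traversal(SAMPLE_LOG):
        print(f"{ip} -> {path}")
```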
- Uber won't fix the vulnerability that lets anyone email as "Uber"—this isn't a spoofed email but sent from Uber via an exposed endpoint. Researcher @0x21SAFE states threat actors could abuse this to phish 57 million victims of the 2016 Uber data breach. bleepingcomputer.com/news/security/…
- Anonymous altered the official knowledgebase of Epik after the alt-right web hosting provider denied that any breach had occurred. Epik has provided services for the Texas GOP, 8chan, Parler, and Gab, among others. arstechnica.com/information-te… #EpikFail
- EXCLUSIVE: Newly discovered #Azure flaw lets attackers brute-force Active Directory credentials in an undetected manner. At this time, there's no way to easily block the endpoints used by Seamless SSO. #Microsoft seems to consider this a "design" choice.
- Replying to @Ax_Sharma: Turns out, this flaw or a deliberate design choice has been known for a while too, but remains unresolved.
- Replying to @Ax_Sharma: GitHub calls these "anonymized URLs" but I'm not sure if that's accurate—considering they appear to be associated with a repo. By contrast, Discord CDN URLs to "attachments" are truly anonymized and look like: https://cdn.discordapp[.]com/attachments/XXXXX/XXXX/virus.exe
- BREAKING: eFile[.]com, an IRS-authorized U.S. tax return software provider, was caught serving #JavaScript malware for weeks—as early as March 17th, and up until at least April 1st. bleepingcomputer.com/news/security/… h/t @malwrhunterteam @johullrich
- Dev behind popular #npm library 'node-ipc' released sabotaged versions that DELETE all data of Russian/Belarusian users by overwriting their files with '❤️' bleepingcomputer.com/news/security/… #opensource
- PyTorch reveals malicious dependency chain compromise between Dec 25th & 30th. The counterfeit 'torchtriton' stole SSH keys, first 1000 files in $HOME, .gitconfig and other secrets. 2,300+ downloads seen so far on PyPI. Uninstall now 👇👇👇 bleepingcomputer.com/news/security/… #opensource
- BREAKING: #PHP Git server is the latest victim of a software supply chain attack in which attackers planted a remote code execution #backdoor in the PHP source code. PHP powers almost 8 out of 10 sites on the internet, making this upstream attack noteworthy. #opensource #git
  PHP's Git server hacked to add backdoors to PHP source code - @Ax_Sharma bleepingcomputer.com/news/security/…