GetReal Labs Emerges From Stealth to Tackle Deepfakes

Incubated for two years by Ballistic Ventures, GetReal Labs has launched to combat manipulated content and deepfakes.

The post GetReal Labs Emerges From Stealth to Tackle Deepfakes appeared first on SecurityWeek.

SecurityWeek – Read More

Kimsuky Deploys TRANSLATEXT to Target South Korean Academia

Kimsuky uploaded TRANSLATEXT to their attacker-controlled GitHub repository on March 7, 2024, and it is capable of bypassing security measures for prominent email service providers like Gmail, Kakao, and Naver.

Cyware News – Latest Cyber News – Read More

Unfounded Fears: AI Extinction-Level Threats & the AI Arms Race

There is an extreme lack of evidence of AI-related danger, and proposing or implementing limits on technological advancement isn’t the answer.

darkreading – Read More

Crypto-Gang Leader Convicted of Vicious Kidnaps, Robbery

A 24-year-old leader of an international robbery crew, Remy St Felix, has been convicted in the US for carrying out violent home invasions to steal cryptocurrency tokens.

Cyware News – Latest Cyber News – Read More

The 5 Best Kitchen Scales Rated by a Former Chocolatier (2024)

Everyone should have a food scale in the kitchen, whether you’re a baker or not. We asked a former chocolatier to test several—these are her favorites.

Wired – Read More

‘Poseidon’ Mac Stealer Distributed via Malicious Google Ads

A new campaign targeting Mac users through malicious Google ads for the Arc browser has been observed. This is the second time Arc has been used as a lure, indicating its popularity.

Cyware News – Latest Cyber News – Read More

Conspiracy Theorists Aren’t Even Bothering With Biden’s Debate Performance

Before the debate, far-right influencers and even Trump himself flooded the internet with Biden conspiracies. Now they’re just sharing real clips.

Wired – Read More

He Helped Invent Generative AI. Now He Wants to Save It

Illia Polosukhin doesn’t want big companies to determine the future of artificial intelligence. His alternative vision for “user-owned AI” is already starting to take shape.

Wired – Read More

Gitleaks: Open-Source Solution for Detecting Secrets in Your Code

Gitleaks is an open-source tool that detects and prevents hardcoded secrets in Git repositories, like passwords or API keys. It stands out for its easy-to-use and configurable system for scanning secrets.

Cyware News – Latest Cyber News – Read More

Hijacking GitHub accounts using phishing emails | Kaspersky official blog

We recently wrote about how attackers have learned to use legitimate social media infrastructure to deliver plausible-looking warnings about the blocking of business accounts, leading to password theft. It turns out that for several months now a very similar method has been used to attack developer accounts on GitHub. This is a cause for concern for corporate information security teams, especially where developers hold administrative access to the company's repositories on GitHub. Let's explore how this attack works.

GitHub account hijacking

Victims of this attack receive emails sent from a genuine GitHub email address. The emails claim that the GitHub team is looking for an experienced developer and offering attractive conditions — $180,000 per year plus a generous benefits package. If interested in the position, the recipient is invited to apply via a link.

The attack begins with an email: GitHub is supposedly seeking a developer for a $180,000 annual salary.

These emails do come from notifications@github.com, which really belongs to the service. However, an astute recipient might wonder why the HR team is using the notification address for job offers. They might also be puzzled that the email subject has nothing to do with the job offer, and instead ends with a list of several GitHub usernames.

However, the email’s authors send it out en masse, so they probably aren’t too worried about losing a few potential targets here. The attackers are satisfied with the small number of recipients who’ll be too distracted by the salary to notice the discrepancies.

Clicking the link in the email takes the recipient to a page that pretends to be the GitHub career site. Specifically, the addresses githubtalentcommunity[.]online and githubcareers[.]online have been used in this campaign — but these phishing sites are no longer available.

On the linked site, recipients are asked to authorize a malicious OAuth application.

On the site, developers interested in the position are asked to log in to their GitHub account and authorize a new OAuth application. This application requests numerous permissions — including access to private repositories, personal data, and discussions, as well as the ability to delete any repository managed by the targeted user.

The OAuth application requests a number of dangerous permissions.
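The permissions an OAuth application asks for are visible before anything is granted: they are the scope parameter of the github.com/login/oauth/authorize URL the lure site sends the developer to, and the redirect_uri parameter on the same URL names the host that will receive the resulting token. The following script is an added example, not Kaspersky's code and not a GitHub tool: it parses such a URL, rates the requested scopes, and checks where the token would be delivered. The scope names are real GitHub OAuth scopes, but the danger ratings are this example's own choices, and the sample URL (client_id, the githubcareers.example redirect host) is constructed to mirror the campaign, not captured from it.

```python
from urllib.parse import urlparse, parse_qs

# Ratings are this example's own; the scope names are real GitHub OAuth scopes.
DANGEROUS = {
    "delete_repo": "delete any repository the user administers (enough to wipe everything)",
    "repo": "full read/write access to all private and public repositories",
    "admin:org": "manage organizations, teams and memberships",
    "admin:repo_hook": "install webhooks that forward repository events elsewhere",
    "workflow": "modify GitHub Actions workflow files",
}
SENSITIVE = {
    "user": "read/write profile data and private e-mail addresses",
    "write:discussion": "post in discussions (the channel the lure e-mails were sent through)",
    "read:discussion": "read discussions",
    "notifications": "read notifications",
}

GITHUB_AUTHORIZE = ("https", "github.com", "/login/oauth/authorize")


def review_authorize_url(url, expected_redirect_hosts=()):
    """Triage a GitHub OAuth authorize URL before clicking 'Authorize'.

    Returns the parsed scopes, those rated dangerous or sensitive, the host
    the token is redirected to, the findings, and a verdict of
    'deny', 'review' or 'ok'.
    """
    p = urlparse(url)
    findings = []
    endpoint_ok = (p.scheme, p.netloc.lower(), p.path) == GITHUB_AUTHORIZE
    if not endpoint_ok:
        findings.append(f"not the genuine authorize endpoint: {p.scheme}://{p.netloc}{p.path}")

    qs = parse_qs(p.query)
    # GitHub documents scopes as space-delimited (%20 in the URL); also accept
    # the older comma-separated form so nothing is silently dropped.
    scopes = [s for s in qs.get("scope", [""])[0].replace(",", " ").split() if s]
    dangerous = [s for s in scopes if s in DANGEROUS]
    sensitive = [s for s in scopes if s in SENSITIVE]
    for s in dangerous:
        findings.append(f"dangerous scope {s}: {DANGEROUS[s]}")
    for s in sensitive:
        findings.append(f"sensitive scope {s}: {SENSITIVE[s]}")

    # redirect_uri is where the authorization code (and hence the token) goes.
    redirect_host = (urlparse(qs.get("redirect_uri", [""])[0]).hostname or "").lower()
    redirect_ok = True
    if redirect_host:
        is_github = redirect_host == "github.com" or redirect_host.endswith(".github.com")
        if expected_redirect_hosts and redirect_host not in expected_redirect_hosts:
            redirect_ok = False
            findings.append(f"token will be delivered to unexpected host {redirect_host}")
        elif "github" in redirect_host and not is_github:
            redirect_ok = False
            findings.append(f"redirect host {redirect_host} imitates GitHub but is not github.com")

    if not endpoint_ok or dangerous:
        verdict = "deny"
    elif sensitive or not redirect_ok:
        verdict = "review"
    else:
        verdict = "ok"
    return {"endpoint_ok": endpoint_ok, "scopes": scopes, "dangerous": dangerous,
            "sensitive": sensitive, "redirect_host": redirect_host,
            "findings": findings, "verdict": verdict}


# Constructed sample: the client_id and the .example redirect host are
# placeholders modelled on the campaign's lookalike domains, not real values.
LURE_URL = ("https://github.com/login/oauth/authorize"
            "?client_id=0123456789abcdef0123"
            "&scope=repo%20delete_repo%20user%20write:discussion"
            "&redirect_uri=https%3A%2F%2Fgithubcareers.example%2Fcallback")

if __name__ == "__main__":
    result = review_authorize_url(LURE_URL)
    for line in result["findings"]:
        print(line)
    print("verdict:", result["verdict"])
```

Pass expected_redirect_hosts when you know which host a legitimate integration should call back to; for an unsolicited job offer there is no such host, and the combination of delete_repo with a GitHub-lookalike redirect is exactly what the page describes.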

Besides job offers, another type of email has been observed, claiming that GitHub had been hacked and the GitHub security team requires the user’s authorization to eliminate the consequences of the hack.

Phishing email variant warning of a GitHub hack.

The next thing: repository wipe and ransom demand

If an inattentive developer grants the malicious OAuth application all the requested permissions, the attackers begin exploiting them. They empty all the victim’s repositories and then rename them — leaving behind only a single README.me file.

Hijacked and emptied repositories on GitHub with ransom notes left by the attackers.

The file contains a message stating that the data has been compromised, but that a backup has been made. To restore the data, the victim is instructed to contact a user named Gitloker on Telegram.

It appears that these emails are sent using the GitHub discussion system. That is, the attackers use already compromised accounts to create messages with the email text under various topics, tagging several users. As a result, all the tagged users receive emails from the notifications@github.com address. These messages are likely deleted immediately after sending.

How to protect against such attacks on GitHub accounts

Experienced users and developers often consider themselves to be immune to phishing attacks. However, as this story shows, they can also be caught off guard: the operators of this phishing campaign have already managed to compromise and wipe dozens of repositories.

To prevent your developers from falling victim to this attack, give them the following recommendations:

Always carefully check all details of an email and compare its subject, text, and sender address. Any discrepancies are almost certainly signs of a phishing attempt rather than accidental errors.
If you receive a similar email from GitHub, don’t click any links in it, and report the email to GitHub support.
Never authorize unknown OAuth applications — this story shows how serious the consequences can be.
Periodically review the list of authorized OAuth applications in your GitHub account, and remove any suspicious ones.
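The first recommendation, comparing subject, text and sender, can be partly automated at the mail gateway or in a triage script. The script below is an added example, not Kaspersky's code and not a GitHub feature: it parses a raw message and cross-checks the three signals the page describes, a sender at github.com, a subject line ending in a row of tagged usernames, recruiting language in the body, and links to hosts that merely contain "github". The two sample messages are constructed (placeholder addresses and a .example lookalike domain), the keyword list and the list of hosts GitHub legitimately uses are this example's assumptions, and a real notification body posted by a user can contain off-GitHub links, which is why those alone only rate "suspicious".

```python
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

# Assumed list of hosts GitHub itself links to from notification mail; any
# other host that merely contains "github" is treated as a lookalike.
GITHUB_HOSTS = ("github.com", "githubusercontent.com", "github.io")
URL_RE = re.compile(r"""https?://[^\s<>"')\]]+""")
MENTION_RE = re.compile(r"@[A-Za-z0-9][A-Za-z0-9-]{0,38}")   # GitHub username syntax
JOB_WORDS = ("salary", "per year", "position", "benefits package", "apply")  # assumed


def _is_github_host(host):
    host = host.lower()
    return any(host == h or host.endswith("." + h) for h in GITHUB_HOSTS)


def triage_github_mail(raw):
    """Cross-check sender, subject and body of a mail claiming to come from GitHub.

    Returns the individual findings and a verdict of 'phishing', 'suspicious' or 'ok'.
    """
    msg = message_from_string(raw, policy=default)
    _, addr = parseaddr(msg.get("From", ""))
    from_github = addr.lower().endswith("@github.com")
    subject = msg.get("Subject", "")
    part = msg.get_body(preferencelist=("plain", "html"))
    text = part.get_content() if part is not None else ""
    findings = []

    # 1. A subject ending in several @usernames is what a discussion mention
    #    looks like, not what an HR mail looks like.
    mentions = MENTION_RE.findall(subject)
    if len(mentions) >= 2:
        findings.append(f"subject tags {len(mentions)} users {mentions}: discussion-mention notification")

    # 2. Recruiting language arriving from the automated notification address.
    job_hits = [w for w in JOB_WORDS if w in text.lower()]
    if from_github and job_hits:
        findings.append(f"job-offer wording {job_hits} sent from the notification address")

    # 3. Links: GitHub-originated mail pointing at lookalike or foreign hosts.
    lookalike, foreign = [], []
    for url in URL_RE.findall(text):
        host = (urlparse(url).hostname or "").lower()
        if _is_github_host(host):
            continue
        (lookalike if "github" in host else foreign).append(host)
    if lookalike:
        findings.append(f"links to GitHub-lookalike hosts {sorted(set(lookalike))}")
    if from_github and foreign:
        findings.append(f"links off GitHub {sorted(set(foreign))} in GitHub-originated mail")

    if lookalike or (job_hits and foreign):
        verdict = "phishing"
    elif findings:
        verdict = "suspicious"
    else:
        verdict = "ok"
    return {"from_github": from_github, "mentions": mentions, "job_hits": job_hits,
            "lookalike_hosts": lookalike, "foreign_hosts": foreign,
            "findings": findings, "verdict": verdict}


# Constructed sample modelled on the lure described above; names, addresses and
# the .example domain are placeholders, not data captured from the campaign.
LURE_MAIL = """\
From: GitHub <notifications@github.com>
To: dev@example.org
Subject: [example-org/infra] Opportunity @dev-alice @dev-bob @dev-carol
Content-Type: text/plain; charset=utf-8

Hi,

The GitHub team is looking for an experienced developer. We offer
$180,000 per year plus a generous benefits package.

Apply here: https://githubtalentcommunity.example/apply

GitHub Talent Team
"""

# Constructed benign review-request notification for comparison.
REVIEW_MAIL = """\
From: GitHub <notifications@github.com>
To: dev@example.org
Subject: [example-org/infra] Fix flaky test (PR #42)
Content-Type: text/plain; charset=utf-8

@dev-alice requested your review on
https://github.com/example-org/infra/pull/42
"""

if __name__ == "__main__":
    for sample in (LURE_MAIL, REVIEW_MAIL):
        result = triage_github_mail(sample)
        print(result["verdict"], result["findings"])
```

The point of the three-way check is that no single signal is decisive: the sender really is GitHub, and legitimate notifications can carry mentions and external links. Only the combination the page describes, a genuine notification address delivering recruiting text with a GitHub-lookalike link, is rated as phishing outright.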

We recommend the following to companies:

Use a reliable security solution with phishing protection on all devices, which will warn of dangers and block malicious sites in time.
Conduct regular information security training for employees, including developers. Experience with IT systems doesn’t guarantee safety; the necessary skills must be developed specifically. For example, you can use our interactive educational platform, the Kaspersky Automated Security Awareness Platform.

Kaspersky official blog – Read More