Check Point Research has discovered cybercriminals exploiting the popular Godot Game Engine to deliver malicious software. Discover the techniques used by attackers and how to protect yourself from these threats.

****SUMMARY****

*   **Cybercriminals are exploiting the Godot game engine to deliver malware called GodLoader, targeting multiple platforms like Windows, macOS, and Linux.**

*   **GodLoader hides malicious code in game files, bypassing antivirus detection and compromising over 17,000 devices since June 2024.**

*   **The malware uses sandbox evasion, Microsoft Defender exclusions, and GitHub-hosted repositories to distribute attacks.**

*   **GodLoader’s payloads include RedLine Stealer and cryptocurrency miners, affecting 1.2 million Godot game users.**

*   **The Godot team advises downloading software from trusted sources and avoiding cracked files to stay safe.**

Check Point Research (CPR) has published its latest research on a novel multi-platform technique employed by cybercriminals to exploit the popular open-source game engine, Godot to deliver a newly discovered malicious payload dubbed GodLoader after bypassing traditional security measures.

The concerning aspect is GodLoader’s cross-platform functionality, making it effective on macOS, Windows, Linux, iOS, and Android. Although designed to target Windows, it can be used on Linux and macOS with minimal adjustments.  The malware is, reportedly, distributed via the Stargazers Ghost Network on GitHub, using over 200 repositories and 225 accounts between September and October 2024. 

“The threat actor behind this malware has been utilizing it since June 29, 2024, infecting over 17,000 machines,” and an attack can put 1.2 million users of Godot-developed games at risk, researchers noted in the blog post.

According to CPR’s research, cybercriminals exploit the flexibility of Godot’s scripting language, GDScript and embed malicious code within game assets, executing it when the game is launched. This is a stealthy approach, which enables attackers to bypass antivirus detection and compromise systems without raising alarms.

Further probing revealed that it uses sandbox and virtual machine detection, as well as Microsoft Defender exclusions, to avoid detection. The malware was hosted on Bitbucket.org and distributed across four attack waves, with initial payloads including RedLine Stealer and XMRig cryptocurrency miners.

For your information, Godot is a powerful tool for game development that allows developers to bundle game assets and scripts into .pck files, which contain the game’s resources, including images, sounds, and scripts. By injecting malicious GDScript code into these .pck files, attackers can trick the game engine into executing harmful commands.

As soon as the game loads the infected .pck file, the hidden script springs into action, downloading and deploying additional malware payloads onto the victim’s device.

The attack flow (Via CPR)

****Godot Engine’s Statement****

The Godot Engine development team, in response, has issued a statement, explaining that GodLoader doesn’t exploit a specific weakness in Godot itself because like any programming language (e.g. Python or Ruby) Godot also allows the creation of both good and bad programs. Though the malware exploits Godot’s scripting language (GDScript) to deliver its payload, this doesn’t make Godot inherently unsafe.

The team also noted that it isn’t a one-click exploit because the GodLoader malware tricks users into downloading/executing a seemingly harmless file (typically a .pck file disguised as a software crack). This file wouldn’t work on its own and the attackers also must provide the Godot runtime (.exe file) separately to make it successful. This means users have to take multiple steps to install the malware, making it less likely to be a one-click exploit.

Nonetheless, team Godot emphasizes the importance of good security habits and downloading from trusted sources like official websites, established distribution platforms, or trusted individuals. Windows and macOS users should check for signed executables and notarization by a trusted party and avoid using cracked software as it is a common target for malicious actors.

1.  **Gcore Thwarts 500M PPS DDoS Attack on Gaming Firm**
2.  **What is Blockchain Gaming and its Play-to-Earn Model?**
3.  **Exploring Data Privacy and Security in B2B Gaming Data**
4.  **Winos4.0 Malware Hits Windows via Fake Gaming Apps**
5.  **Gaming Firms, Community Members Hit by Dark Frost Botnet**

Godot Engine Exploited to Spread Malware on Windows, macOS, Linux

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor.
That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024.
"In this attack,

APT-C-60 Exploits WPS Office Vulnerability to Deploy SpyGlace Backdoor

Consumers are being swamped by Google ads claiming to be eBay's customer service.

Tech support scammers are targeting eBay customers in the U.S. via fraudulent Google ads. In a few separate searches, we were able to identify multiple Sponsored results that were created from at least four different advertiser accounts.

While most of those ads clearly looked fake, they appeared consistently and prominently enough to trick the inattentive user into a scam. Victims who clicked the ad were redirected to bogus websites prompting them to call for assistance, leading them straight into the scammer’s den.

We have reported the malicious ads to Google and are monitoring for similar campaigns targeting other brands.

**Flurry of ads**

A search for ‘_ebay phone number_‘ or ‘_ebay customer service_‘ from the U.S. using Google Chrome returned several ads that were entirely fraudulent. Upon closer inspection, we found that they were created from four separate advertiser accounts, some belonging to legitimate entities, some created from scratch.

The first ad shown in the screenshot above is the most deceiving of all since it uses eBay’s brand name, logo and website. While Google has strict rules about who may be allowed to do this (i.e. the owner, affiliates), scammers are able to still “comply” with the rule and yet be total crooks.

All they need to do is ensure the final URL (once you click the ad) is one the same domain or is a subdomain that matches the one shown in the ad. That’s the case here, as they are using _developer.ebay.com_. (part of eBay’s Developers Program Search) which can technically be claimed as belonging to _ebay.com_.

Yet, as you can see below, the destination URL is not what one would expect. It shows a search portal with a printed search result that has eBay’s customer service phone number (narrator: it is not).

This is a trick we’ve seen recently with various online platforms: you perform a calculated search query, even if you know no result will be found. What matters is that your search query will appear on screen, and will be used to fool people who see it. In the example above, the search query was for “_eBay.Customer-Service +1 (866) 409\[-\]9281_“.

The other ads redirect to fake websites or pages hosted on cloud providers such as BitBucket claiming to be eBay customer service. Once again, scammers make it clear and obvious that users should call the phone number displayed on screen.

**Keeping scammers at bay**

Calling any of those phone numbers is strongly discouraged, unless of course your favorite sport is scam baiting. The tried and tested “tech support scam” is one of the most costly type of crime for American consumers.

From call centres mostly located overseas, young people with a broken English accent will attempt to trick victims into giving them access to their computer or phone. The end goal is to steal as much money as they can, by requesting gift cards or by taking over people’s own bank accounts.

It is important to always double check before calling any phone number, especially if it came from an ad or an unsolicited email. In doubt, always visit the source, i.e. _ebay.com_ to access support via live chat or get their official number.

If you weren’t already, you may want to consider using a browser extension such as Malwarebytes Browser Guard. Not only does it block ads, it also detects phishing sites of various kinds.

**We don’t just report on threats – we help safeguard your entire digital identity**

Cybersecurity risks should never spread beyond a headline. Protect your—and your family’s—personal information by using identity protection.

**Indicators of Compromise**

Fake pages

e-bays-24x7support-number\[.\]vercel\[.\]app  
developer\[.\]ebay\[.\]com  
e-bay24x7pluscaresupport\[.\]bitbucket\[.\]io  
upbay\[.\]online  
e-bay24x7customer\[.\]casterins\[.\]online  
e-bay24x7-customers-services-assist\[.\]onrender\[.\]com

Fraudulent phone numbers

1\[-\]866\[-\]409\[-\]9281  
1\[-\]833\[-\]714\[-\]3970  
1\[-\]805\[-\]372\[-\]1369

 Large eBay malvertising campaign leads to scams 

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal…

Hackers claim to have breached Nokia through a third-party contractor, allegedly stealing SSH keys, source code, and internal credentials. The data is being sold for $20,000 on BreachForums, though no customer data was affected. Nokia has not yet commented on the claim.

A notorious hacker known as Intel Broker has announced a data breach involving the telecommunications giant Nokia. Posting on the infamous cybercrime forum BreachForums, Intel Broker claims to have gained unauthorized access to sensitive Nokia information through a third-party contractor linked to Nokia’s internal tool development.

The hacker claims that no customer information was accessed, but they have obtained **critical internal data** from Nokia’s systems, which they’re now selling for $20,000.

**Details of the Breach**

According to Intel Broker’s post, the stolen data includes SSH keys, source code, RSA keys, Bitbucket logins, SMTP accounts, webhooks, and hardcoded credentials. All of these items could potentially enable further unauthorized access to internal systems or facilitate other types of cyber attacks. In an attempt to validate the breach, Intel Broker also shared a file tree, showcasing various files and folders apparently related to Nokia’s internal operations.

In an exclusive conversation with Hackread.com, Interl Broker said that the stolen data collection is up for sale for $20,000, and he is reaching out to prospective buyers on BreachForums. According to the post, only those with high-ranking status and sufficient reputation on the forum are being encouraged to inquire.

Intel Broker on Breach Forums (Screenshot: Hackread.com)

The hacker claims to have pulled this data from a contractor working closely with Nokia, rather than Nokia’s own systems directly. This method of breaching systems through third-party vendors has become **increasingly common**, as vendors are often granted extensive access to the companies they serve. Cybersecurity experts have long warned about this weak point, advising companies to ensure that security standards extend to their contractors and partners.

**Potential Impact**

While Intel Broker emphasizes that customer data is not included in the breach, the exposure of alleged Nokia’s internal data could still have widespread implications. With access to development environments, source code, and credentials, hackers could potentially tamper with Nokia’s tools or services, or exploit the vulnerabilities in these resources to compromise other systems.

Screenshot from the sample data that Hackread.com analysed

****Nokia’s Response****

At the time of reporting, there has been no official statement from Nokia on this alleged breach. However, Hackread.com has reached out to the company awaiting a response. Stay tuned.

****About Intel Broker****

Intel Broker who is also the owner of Breach Forums is known for high-profile data breaches. **In June 2024**, the hacker claimed to have breached Apple Inc., stealing source code for internal tools. The same hacker boasted about **breaching AMD** (Advanced Micro Devices, Inc.), and stealing employee and product information.

**In May 2024**, Intel Broker hacked Europol, a breach that the agency later confirmed. Some of the hacker’s previous data breaches are listed below:

*   **Tech in Asia**
*   **Space-Eyes**
*   **Home Depot**
*   **Facebook Marketplace**
*   **Staffing giant Robert Half**
*   **U.S. contractor Acuity Inc.**
*   **Los Angeles International Airport**
*   **Alleged breaches of HSBC and Barclays Bank**

Although the hacker’s origins and affiliates are unknown, according to the United States government, IntelBroker is alleged to be the perpetrator behind one of the **T-Mobile data breaches**.

1.  **Hacker Leaks Thousands of Nokia Employee Details**
2.  **Nokia Taiwan Hacked, 100,000+ accounts leaked online**
3.  **Cisco Network Breach as Employee’s Google Account was Hacked  
    **

Hackers Claim Access to Nokia Internal Data, Selling for $20,000

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews.…

The issue of GitHub data protection is increasingly discussed among developers on platforms like Reddit, X, and HackerNews. This year alone, GitHub has been in the news multiple times due to malware incidents, high-severity vulnerabilities, and data deletion events, all of which pose risks to users’ data.

How can developers secure their GitHub environments? While widely recommended practices include least-privilege access controls, routine testing, API authentication, frequent rotation of access tokens, and using SSH keys, backups deserve particular focus. Establishing a reliable GitHub backup system is essential for safeguarding data effectively.

****Why back up your GitHub account?** **

According to The State of DevOps Threats Report by GitProtect.io, the number of incidents that impacted GitHub users in 2023 grew by over 21%. And around 13.94% of events that took place had a major impact on the service. 

If you check Q1 and Q2 of 2024, you will see that there have already been 70+ incidents that influence GitHub users in various ways. Just to note, in 2023 there were 160+ different incidents, starting from major impact to maintenance. 

Why is it important to back up your GitHub environment? Anything can happen, and it’s always wise to prepare for worst-case scenarios. In such cases, having a backup can help by:

*   Protect GitHub repositories and metadata against outages and other unpredictable threats, as it allows the restoration of a copy to another location and ensures workflow and business continuity, 

*   Safeguard against human errors, like accidental deletion of files, 

*   Ensure data recoverability in case of a ransomware attack, as backup is the final line of protection, 

*   Fulfill the Shared Responsibility Model which defines the roles and responsibilities of GitHub and its users. Here it’s worth mentioning that GitHub data protection is the user’s duty. In GitHub Terms of Service, it’s written: “You are responsible for keeping your Account secure while you use our Service. We offer tools such as two-factor authentication to help you maintain your Account’s security, but the content of your Account and its security are up to you.” 

*   Meet security compliance and data retention requirements, as the majority of security protocols and compliance regulations require organizations to have longer retention times, backup, and Disaster Recovery guarantees. GDPR, HIPAA, PCI DSS, FedRAMP, ISO/IEC 27001, FINRA, HITECH, NIS 2 Directive, etc. – they all require organizations to have a backup. 

****Top 10 tips to make sure your GitHub backup plan is effective** **

Considering all the threats, an effective backup plan should help to foresee any disaster scenario and guarantee that all the GitHub account data won’t be lost. 

****Tip 1: Full data coverage** **

Efficient backup should include all the repositories, and metadata, such as issues, pull requests, issue comments, webhooks, wiki, labels, deployment keys, projects, pipelines, and Git LFS. It will help to ensure complete repo integrity and full data protection. 

****Tip 2: Backup automation** **

It’s important to have the possibility to automate backup processes by scheduling backup policies at the most appropriate time and frequency. For example, set up a backup plan that triggers a copy every 4 hours.  

****Tip 3: Various backup performance schemes** **

Not to overload your storage, you should have the option to define different rotation and performance schemes for every backup copy you set up. They may be full, incremental, or differential backup copies. 

****Tip 4: Multi-storage consistency** **

By having a few copies in different storage locations, you can eliminate any risk of a disaster and meet the 3-2-1 backup rule which requires to have at least 3 backup copies in 2 or more storage locations, with 1 offsite. 

Moreover, when it comes to storage destinations, you should be able to back up your repository and other related data to both local and cloud storage instances. 

****Tip 5: Backup replication** **

Having a few copies in various locations isn’t enough. You should make sure that you can enable replication between backup storage destinations. In this case, all the copies will be consistent and in the event of failure, you will be able to restore your data from any of the storage instances if one of them fails to run. 

****Tip 6:  Long-term retention** **

Retention is closely related to compliance and data recovery from any point in the past. By default, GitHub stores build logs for 90 days. However, it might be not enough for those organizations that operate in regulated industries or require much longer retention times. 

A backup solution should help solve this issue by allowing long-term or even unlimited retention. Thus, an organization will be able to recover its data from any point in time, for example, from 3 or 5 years prior. 

****Tip 7: Transparent management and monitoring** **

Not all team members should have the same access to backups. Hence, the backup software should allow you to set various roles and assign different responsibilities to your team members. For example, there may be those, who are either responsible for setting up GitHub backups, triggering recovery in case of a failure, only viewing backup performance, or system administrators who can operate without restrictions.  

What is more, you should always get notifications when your backup or restore was performed with details and statuses. There can be different ways of notifications – email, Slack, webhooks as well as a dedicated console with all data-driven information, tasks, SLA, and compliance reports. 

****Tip 8: In-flight and at-rest encryption** **

Your GitHub repo and metadata should be protected at every stage – in-flight, during the transmission, and at rest. Moreover, as an additional security measure, you should be able to set your personal encryption key. 

Also, your device should have no information about the encryption key, it should receive it only during the backup performance to keep up with the zero-encryption approach.  

****Tip 9: Ransomware protection** **

As backup is a final line of defence, it must be ransomware-proof. Immutable storage that helps keep data in a non-executable format, every-scenario-ready Disaster Recovery, encryption should be arranged and work as a clock to ensure your GitHub data protection and recoverability. Moreover, backup software should guarantee secure access authorization, for example, via SAML SSO protocols. 

****Tip 10: Restore and Disaster Recovery** **

Having a consistent GitHub backup should mean that you can restore your data in any event of failure – ransomware attack, service outage, infrastructure downtime, etc. The backup solution should allow you to restore your data fully or granularly – only selected metadata or repositories. 

Regarding the restore destinations, the solution should also foresee any event of failure. Thus, you should have the option to recover your GitHub data to the same or a new GitHub account, to your local machine, or cross-over recovery to another Git hosting platform, like GitLab, Bitbucket, or Azure DevOps. 

What’s more, during the recovery process, you shouldn’t overwrite the existing data but have the opportunity to restore it as a new file. 

****Is my GitHub backup effective?** **

To ensure that your backup processes are efficient, your backup should respond to the mentioned tips. 

However, how to build your backup strategy for your GitHub environment is the question you should answer taking into account your security and compliance requirements, the size of your GitHub ecosystem, the evaluation of data loss risks, and others. 

You can go with the “Download zip” files and folders option or backup scripts, however, they won’t ensure automation, proper protection against ransomware, and restore capabilities. In this case, all the responsibility over GitHub data protection is on your side. 

Alternatively, you can use a dedicated backup software, like GitProtect.io for GitHub, that will help you both share your duties over GitHub data protection and ensure your data is accessible and recoverable in any disaster scenario. With scheduled automated backup procedures, full data coverage, data residency of your choice, ransomware protection, and advanced disaster recovery measures, the backup provider brings peace of mind that every line of your source code is secured.

1.  **How To Safeguard Your Data With Cloud MRP System**
2.  **How to Hide Tables in SQL Server Management Studio**
3.  **How to Recover Deleted Emails from Exchange Server?**
4.  **Cloud Solutions Transform Software Quality Assurance**
5.  **How to Choose the Best Analytics Tools for Mobile Apps**
6.  **How To Craft The Perfect Data Loss Prevention Strategy**
7.  **How to Install Microsoft Exchange Updates with Reliability**
8.  **Insights on Google Cloud Backup, Disaster Recovery Service**

How To Create a Complete GitHub Backup

League of Legends fans beware! A new malware campaign targeting the League of Legends World Championship is spreading…

League of Legends fans beware! A new malware campaign targeting the League of Legends World Championship is spreading rapidly.  Learn how to protect yourself from the Lumma Stealer virus and keep your gaming experience safe.

As the League of Legends (LoL) World Championship heats up (Sept 23–Nov 2, 2024), cybercriminals are taking the opportunity to target unsuspecting fans with malware campaigns. A recent report from Bitdefender Labs warns of a new threat targeting gamers across Europe and has already claimed around 4,000 victims, mostly male adults. 

The malicious campaign is exploiting the excitement surrounding the global esports event. The scam involves carefully crafted social media advertisements that lure fans into downloading what appears to be a legitimate League of Legends game. It is worth noting that the game is already free to play and this is just a trick to lure users. 

One of the malicious League of Legends ads on Facebook discovered by Bitdefender

When the download button is clicked, Lumma Stealer malware is installed, allowing criminals to extract sensitive information such as credit card information, passwords, crypto wallets, and browser session cookies. 

The scam was discovered by Bitdefender Labs’ researcher Ionut Baltariu. As per their findings shared with Hackread.com ahead of publishing on Wednesday, the attackers are using social media platforms to reach League of Legends enthusiasts with ads that promise a free download of the game. Those who fall for the ad are directed to a page mimicking an older version of the League of Legends download page crafted using typosquatting to make it harder to detect.

After clicking the download link, they are directed to a Bitbucket repository containing a malicious archive. The downloaded archive contains an executable and a legitimate Windows file, user32.dll, which serves as a dropper for Lumma Stealer, a dangerous malware part of the MaaS (Malware-as-a-Service) economy. 

****The Lumma Stealer Threat:****

Lumma Stealer is a powerful data-stealing malware capable of extracting sensitive information from infected devices. Cybercriminals can steal steal social media accounts, and sell stolen data on underground markets, facilitating identity theft and phishing attacks. Also, Lumma injects itself into a legitimate Windows process, bitlockertogo.exe, to remain undetected by antivirus software.

To protect yourself from cybercriminals during the League of Legends World Championship, follow these precautions: double-check website URLs, download from official sources like the official website or Steam, be cautious of online ads that seem too good to be true, and use a strong security solution like a reputable antivirus and security suite. Stay alert against cybersecurity risks to have a safe gaming experience.

1.  Analysis of Top Infostealers: Redline, Vidar and Formbook
2.  LummaC2 Malware Variant Uses Obfuscation to Steal Data
3.  Hacked YouTube Channels Spread Lumma via Cracked Software
4.  PDiddySploit Malware Hidden in Files Revealing Deleted Diddy Posts
5.  LummaC2 v4.0 Steals Data with Trigonometry to Detect Human Users

Fake League of Legends Download Ads Spread Lumma Stealer Malware

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software.

Thursday, August 1, 2024 14:00

A recently discovered security issue in GitHub and other, similar, control system products seem to fit into the classic “it’s a feature, not a bug” category. 

Security researchers last week published their findings into some research of how deleted forks in GitHub work, potentially leaving the door open for a malicious actor to steal a project key and then view deleted forks and versions of any project on GitHub. 

This may not necessarily even be a \*new\* discovery, because users on social media were quick to point out that these products have always been designed this way, so it’s not like a new sort of exploit had just been published. But the publishing of these findings came after Truffle Security says a major tech company accidentally leaked a private key for an employee GitHub account, and despite totally deleting the repo thinking that would take care of the leak, it was still exposed and accessed by potentially malicious users.  

This potential issue has not been tested in similar software like GitLab or Bitbucket, but conceivably, they’ve all been designed in the same way. The major difference for GitHub is that deleted or unpublished commits can be downloaded via a fork if the user has the correct identifying hash (or at least a portion of it).  

The issue here is there is no real patch or fix to address this issue, and now it’s widely known and been publicized on the internet.  

GitHub told The Register that this is part of how the software is designed, and there doesn’t appear any efforts underway to change that. 

“GitHub is committed to investigating reported security issues. We are aware of this report and have validated that this is expected and documented behavior inherent to how fork networks work. You can read more about how deleting or changing visibility affects repository forks in our documentation,” the company said in a statement to online publication The Register. 

The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-source software like those projects that are created and managed on GitHub. (Martin Lee and I will be discussing more in tomorrow morning’s episode of Talos Takes.) 

The other option is that, if you’re a GitHub user and at some point, published a key, you should probably just assume someone has copied it by now. That means not only deleting references to that key but rotating the key and checking if it was used improperly.  

**The one big thing **

Cisco Talos recently discovered a malicious campaign that compromised a Taiwanese Government Affiliated Research Institute that started as early as July 2023, delivering Shadowpad malware, Cobalt Strike and other customized tools for post-compromise activities. The activity conducted on the victim endpoint matches the Chinese hacking group APT41. The combined use of malware, open-source tools and projects procedures and post-compromise activity matches this group method of operation. ShadowPad, widely considered the successor of PlugX, is a modular remote-access-trojan (RAT) only seen sold to Chinese hacking groups. 

**Why do I care? **

APT41 is a prolific and dangerous threat actor that all users and cybersecurity practitioners should be keeping track of. The group, also known as Amoeba, Bronze Atlas, Wicked Spider, and more, is known for carrying out Chinese state-sponsored espionage activity and other financially motivated cybercrimes. We have also uncovered that APT41 created a tailored loader to inject a proof of concept for CVE-2018-0824, a remote code execution vulnerability in Microsoft COM for Windows, directly into memory to achieve local privilege escalation. 

**So now what? **

This threat actor commonly tries to exploit CVE-2018-0824, which Microsoft has long had a patch available for. Users should ensure all Windows systems are up to date to the latest version to protect against this vulnerability (and the hundreds of others that exist in Windows anyway!). Additionally, Talos has released new ClamAV signatures and Snort rules to detect the ShadowPad malware and Cobalt Strike beacons used by APT41.  

**Top security headlines of the week **

**Another Microsoft outage just days after the massive CrowdStrike-related incident was the result of a cyber attack, according to the company.** The outage Wednesday morning affected Microsoft Outlook and the video game “Minecraft” for almost 10 hours and forced thousands of users to report issues. The incident gained increased interest in the wake of a massive outage last weekend that resulted in international disruptions and tens of millions of dollars in damages. Microsoft stated after the outage was resolved that the initial issue was caused by a distributed denial-of-service attack, and additional mitigations to defend against that DDoS attack failed. A notification on Microsoft’s website said the outage affected Microsoft Azure, the cloud platform that powers many of its services, and Microsoft 365. It also said cloud systems Intune and Entra were affected. Even though Microsoft had no direct involvement in the previous outage, the company has been under a microscope since the incident. That outage was caused by a faulty update to CrowdStrike Falcon that was pushed to many versions of Windows 11. (BBC, Forbes) 

**A new version of the Mandrake Android spyware appears to be spreading through phony apps on the Google Play store.** The revised spyware, used to unknowingly track users’ location and activity on their mobile devices, has been downloaded more than 32,000 times since 2022, according to new research. The original version of Mandrake was active between two periods, one in 2016 and 2017 and another between 2018 and 2020. Besides the usual spyware functions, Mandrake can completely wipe a device with a killswitch, leaving no trace of the malware. Spyware commonly targets highly vulnerable individuals, including politicians, activists and journalists. Spouses and romantic partners may also use it to unknowingly track their significant others. The most popular fake app used was AirFS, an advertised file-sharing app, that was downloaded more than 30,000 times before it was removed from the Google Play store. Once the user installs the phony app, the Mandrake malware is unknowingly installed, and it asks for the user’s permission to draw overlays on their screen under the guise of the illegitimate app. (Bleeping Computer, Security Affairs) 

**North Korean APT Andariel is accused of carrying out a series of espionage-focused campaigns targeting U.S. weapon systems over the past two years.** Security researchers say the state-sponsored group targeted healthcare providers, defense contractors and nuclear facilities, possibly to steal information that could improve the country’s own weapons programs. North Korea is constantly using its posession of nuclear weapons to try and intimidate Western countries. Separately, the U.S. indicted a North Korean citizen for his alleged involvement in several cyber attacks against American hospitals. The individual, suspected of having ties to North Korea’s Reconnaissance General Bureau, allegedly targeted hospitals in Florida and Kansas, healthcare providers in Arkansas and Connecticut, and a clinic in Colorado. The U.S. State Department is offering a reward of up to $10 million for information that leads to the arrest of Rim Jong Hyok. (The Record, CNN) 

**Can’t get enough Talos? **

*   Ransomware and email attacks are hitting businesses more than ever before 
*   Cisco Talos: An oral history 
*   Vulnerability Roundup: Out-of-bounds read vulnerability in NVIDIA driver; Open-source flashcard software contains multiple security issues 
*   Talos Takes Ep. #192: Threat actor trends and the most prevalent malware from the past quarter 

**Upcoming events where you can find Talos **

**_BlackHat USA_** **_(Aug. 3 – 8)_** 

_Las Vegas, Nevada_ 

**_Defcon_** **_(Aug. 8 – 11)_** 

_Las Vegas, Nevada_ 

**_BSides Krakow_** **_(Sept. 14)_**  

_Krakow, Poland_ 

**Most prevalent malware files from Talos telemetry over the past week **

**SHA 256:** 9f1f11a708d393e0a4109ae189bc64f1f3e312653dcf317a2bd406f18ffcc507  
**MD5:** 2915b3f8b703eb744fc54c81f4a9c67f f  
**Typical Filename:** VID001.exe  
**Claimed Product:** N/A  
**Detection Name:** Win.Worm.Coinminer::1201

**SHA 256:** c67b03c0a91eaefffd2f2c79b5c26a2648b8d3c19a22cadf35453455ff08ead0  
**MD5:** 8c69830a50fb85d8a794fa46643493b2  
**Typical Filename:** AAct.exe  
**Claimed Product:** N/A  
**Detection Name:** PUA.Win.Dropper.Generic::1201

**SHA 256:** 161937ed1502c491748d055287898dd37af96405aeff48c2500b834f6739e72d  
**MD5:** fd743b55d530e0468805de0e83758fe9  
**Typical Filename:** KMSAuto Net.exe  
**Claimed Product:** KMSAuto Net  
**Detection Name:** W32.File.MalParent

**SHA 256:** 24283c2eda68c559f85db7bf7ccfe3f81e2c7dfc98a304b2056f1a7c053594fe  
**MD5:** 49ae44d48c8ff0ee1b23a310cb2ecf5a  
**Typical Filename:** nYzVlQyRnQmDcXk  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

**SHA 256:** bea312ccbc8a912d4322b45ea64d69bb3add4d818fd1eb7723260b11d76a138a  
**MD5:** 200206279107f4a2bb1832e3fcd7d64c  
**Typical Filename:** lsgkozfm.bat  
**Claimed Product:** N/A  
**Detection Name:** Win.Dropper.Scar::tpd

There is no real fix to the security issues recently found in GitHub and other similar software

Bitbucket Branch Source Plugin 886.v44cf5e4ecec5 and earlier prints the Bitbucket OAuth access token as part of the Bitbucket URL in the build log in some cases.

Bitbucket Branch Source Plugin 887.va_d359b_3d2d8d does not include the Bitbucket OAuth access token as part of the Bitbucket URL in the build log.


Skip to content

**Navigation Menu**

*   *   Actions
        
        Automate any workflow
        
    *   Packages
        
        Host and manage packages
        
    *   Security
        
        Find and fix vulnerabilities
        
    *   Codespaces
        
        Instant dev environments
        
    *   GitHub Copilot
        
        Write better code with AI
        
    *   Code review
        
        Manage code changes
        
    *   Issues
        
        Plan and track work
        
    *   Discussions
        
        Collaborate outside of code
        
    

*   *   GitHub Sponsors
        
        Fund open source developers
        
    
    *   The ReadME Project
        
        GitHub community articles
        
    
*   *   Enterprise platform
        
        AI-powered developer platform
        
    
*   Pricing

**Provide feedback**

**Saved searches****Use saved searches to filter your results more quickly**

Sign up

1.  GitHub Advisory Database
2.  GitHub Reviewed
3.  CVE-2024-39460

**Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin**

Moderate severity GitHub Reviewed Published Jun 26, 2024 to the GitHub Advisory Database • Updated Jun 26, 2024

**Package**

maven org.jenkins-ci.plugins:cloudbees-bitbucket-branch-source (Maven)

**Affected versions**

<= 886.v44cf5e4ecec5

**Description**

Published to the GitHub Advisory Database

Jun 26, 2024

Last updated

Jun 26, 2024

GHSA-x8mf-jcmf-r79f: Bitbucket OAuth access token exposed in the build log by Bitbucket Branch Source Plugin 

PRESS RELEASE

TEL AVIV, Israel, June 06, 2024 (GLOBE NEWSWIRE) -- Backslash Security, today unveiled expansive new platform capabilities. With a broad roster of new on-premises integrations, security team workflow integrations and automation features, CI/CD integrations, and bolstered language support, Backslash now serves the full software development lifecycle and further supports the application security needs of large enterprises.

“There are two core elements that make AppSec teams successful – one is cutting through the noise to prioritize truly reachable and exploitable vulnerabilities; the other is building confidence with our developers to trust that the risks we flag are real, and worth their effort to investigate and fix,” said Shane Garoutte, Head of Security & Compliance at Capital Rx. “Backslash’s focus on reachability analysis enables us to achieve both, and with the platform’s expanded capabilities, we can also work seamlessly with DevOps to integrate security throughout the software development lifecycle.”

Backslash combines SCA, SAST, SBOM, VEX, and secrets detection to replace outdated legacy SAST and SCA tools with a single, enterprise-ready platform that uncovers the most critical risks through reachability analysis. Newly released enhancements to the Backslash platform include:

Extended support for large enterprise use cases: 

*   Integrations with Github Enterprise On-Premise, Github Enterprise Server, Gitlab On-Premise and Bitbucket On-Premise enable seamless connection to enterprise on-premises codebases.
    
*   Extended language support adds C, C++, Ruby, Rust and Scala to Backslash’s existing language portfolio to serve diverse technology stacks and secure the entire codebase, including third party libraries and dependencies.
    
*   Role-based access controls enable enterprises to easily manage access to the Backslash platform for large and varied user bases across the organization.
    

Security team workflow enhancements: New automation policies and actions features enable Backslash users to specify security workflows and automatically create tickets and notifications with the following collaboration platforms: Jira, Monday.com, ServiceNow, Slack and Microsoft Teams.

CI/CD integrations for DevSecOps support: Integrations with Gitlab Pipelines, Github Actions and Azure Pipelines enable DevOps teams to implement DevSecOps processes and prevent new issues from being introduced in the pull request and CI/CD stages.

Reachability analysis enhancements:

*   Phantom packages are packages not defined or controlled by the app developer but introduced by a transitive one, escaping the developer's control and potentially introducing vulnerable versions into the application. Backslash detects these phantom packages in OSS code, even if they are not declared in manifest files.
    
*   Backslash Security’s reachability analysis identifies vulnerable transitive packages, helping developers understand which vulnerabilities are actually in use and therefore exploitable within their codebase, allowing them to prioritize what to fix.
    
*   New UI features bolster reachability evidence by showing code references for each reachable path.
    

"Backslash enables enterprises to prioritize truly critical code risks and facilitate trust among the many teams and stakeholders within the software development lifecycle," said Yossi Pik, co-founder and CTO of Backslash Security. "These latest enhancements automate key AppSec tasks, ensure issues are handled according to the correct priorities, and integrate smoothly into organizational workflows, all while strengthening our reachability analysis to provide enterprise security teams with incomparable results."

Start a free trial with full access to the Backslash platform via a pre-configured demo environment that includes SAST, SCA, phantom packages, VEX, SBOM, secrets, and more, now available at backslash.security/trial.

About Backslash  
Backslash's fusion of SAST and SCA empowers enterprise AppSec teams to focus on fixing only the reachable, exploitable code vulnerabilities. By identifying authentic attack paths pointed at reachable code, Backslash empowers security teams to focus on rectifying only the code and open-source software (OSS) components that are actively in use and accessible to potential attackers. Thanks to this precision, Backslash enables teams to fix only the vulnerable code and OSS that indeed needs addressing – the reachable, exploitable components.

Backed by StageOne Ventures, First Rays Venture Partners, D. E. Shaw & Co., and a roster of security veterans as angel investors, Backslash has been deployed across leading technology organizations and Fortune 100 companies. Learn more at https://www.backslash.security/.

Backslash Unveils Enterprise-Grade Capabilities to its Reachability-Based AppSec Platform

By Owais Sultan
WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small…
This is a post from HackRead.com Read the original post: The Essential Tools and Plugins for WordPress Development

WordPress, a widely used content management system, owes a great deal of its flexibility to plugins. These small software components effortlessly improve the functionality of your website. Having the right resources and tools is crucial for developers venturing into WordPress development services. Let’s explore the essential elements that can facilitate and enhance your journey in this field.

****Essential Tools for WordPress Development****

WordPress powers millions of websites worldwide (472 million), from personal blogs to enterprise-level e-commerce platforms. Developers face challenges in such a diverse ecosystem, from writing clean and efficient code to ensuring seamless website deployment and maintenance. The right tools act as enablers, empowering developers to navigate these challenges easily and precisely.

****Code Editors****

Choosing a suitable code editor is akin to selecting the right brush for an artist. Versatile editors like Visual Studio Code or Sublime Text provide many features such as syntax highlighting, auto-completion, and Git integration. These features enhance productivity and foster a conducive environment for writing clean, maintainable code.

****Local Development Environments****

Developing and testing WordPress websites on a live server can be risky and inefficient. Local development environments, facilitated by tools like XAMPP, MAMP, or Docker, provide a safe and controlled environment for experimentation and iteration. Developers can test new features, plugins, and themes without fearing disrupting the live website, ensuring a seamless user experience upon deployment.

****Version Control Systems****

Version control systems like Git are the backbone of efficient teamwork in a collaborative development environment. Paired with platforms like GitHub or Bitbucket, these systems enable developers to manage code changes seamlessly, collaborate with team members in real time, and maintain a comprehensive project history. This fosters a cohesive and organized development environment, ensuring everyone is on the same page throughout the development lifecycle.

****Debugging Tools****

No code is perfect, and debugging is inevitable in the development process. Specialized debugging tools like Query Monitor or Debug Bar provide developers with invaluable insights into the inner workings of their WordPress projects. These tools are indispensable for maintaining a robust and efficient website, from identifying and troubleshooting issues to monitoring performance and optimizing the codebase.

****Must-Have Plugins for WordPress Development****

WordPress’s flexibility and extensibility are key factors contributing to its popularity among developers worldwide. However, the sheer volume of available plugins can be overwhelming, making it essential for developers to discern and integrate the most suitable ones into their projects. Here’s why selecting the right plugins is imperative for effective WordPress development:

****SEO Plugins****

Optimizing websites for search engines is essential for driving organic traffic and enhancing visibility. SEO plugins like Yoast SEO or Rank Math provide developers with robust tools to optimize their WordPress sites effectively. Features such as XML sitemap generation, meta tag optimization, and comprehensive content analysis empower developers to bolster their site’s visibility and relevance in search engine results, increasing organic traffic and user engagement.

****Performance Optimization Plugins****

User experience is paramount in retaining visitors and fostering engagement on WordPress websites. Performance optimization plugins such as WP Rocket or W3 Total Cache offer many optimization features to improve site speed and performance. From caching mechanisms to asset minification and lazy loading, these plugins ensure a snappier and more responsive user experience, leading to higher user satisfaction and retention.

****Security Plugins****

Protecting WordPress websites against security threats is a top priority for developers. Security plugins like Wordfence or Sucuri Security fortify the site’s defences with features such as firewall protection, malware scanning, and enhanced login security. By implementing these plugins, developers can ensure peace of mind against potential threats and vulnerabilities, safeguarding their websites and user data from malicious attacks.

****Development & Debugging Plugins****

Efficient development workflows are essential for maintaining productivity and delivering high-quality WordPress projects. Development and debugging plugins such as Query Monitor or Debug Bar streamline debugging and optimization by providing critical insights into database queries, PHP errors, and HTTP requests. By leveraging these plugins, developers can identify and address issues swiftly, ensuring the seamless operation of WordPress projects and minimizing development time.

****Elevate Your WordPress Development Experience****

Integrating these indispensable tools and plugins into your WordPress development arsenal empowers you to transcend boundaries, streamline processes, and unlock the full potential of your projects. By staying abreast of the latest advancements in the WordPress ecosystem, you can continually refine and optimize your development practices, fostering innovation and excellence in your endeavours.

1.  What To Look For In The Best WordPress Hosting
2.  What is WooCommerce, and Why You Should Care
3.  Kotlin app development company – How to choose
4.  Tips for Using Uploader Widgets on WordPress Blogs
5.  MySQL Performance Tuning: 5 Tips for Blazing Fast Queries

Tag

#bitbucket