Airdrop | Breaking Cybersecurity News | The Hacker News

Threat actors are now taking advantage of GitHub's search functionality to trick unsuspecting users looking for popular repositories into downloading spurious counterparts that serve malware. The latest assault on the open-source software supply chain involves concealing malicious code within Microsoft Visual Code project files that's designed to download next-stage payloads from a remote URL, Checkmarx  said  in a report shared with The Hacker News. "Attackers create malicious repositories with popular names and topics, using techniques like automated updates and fake stars to boost search rankings and deceive users," security researcher Yehuda Gelb said. The idea is to manipulate the search rankings in GitHub and bring threat actor-controlled repositories to the top when users filter and sort their results based on the most recent updates by consistently committing small changes to a file named "log," and increase the popularity via bogus stars added v

The operators behind the now-defunct  Inferno Drainer  created more than 16,000 unique malicious domains over a span of one year between 2022 and 2023. The scheme "leveraged high-quality phishing pages to lure unsuspecting users into connecting their cryptocurrency wallets with the attackers' infrastructure that spoofed Web3 protocols to trick victims into authorizing transactions," Singapore-headquartered Group-IB  said  in a report shared with The Hacker News. Inferno Drainer, which was active from  November 2022 to November 2023 , is estimated to have reaped over  $87 million in illicit profits  by scamming more than 137,000 victims. The malware is part of a broader set of similar offerings that are available to affiliates under the scam-as-a-service (or drainer-as-a-service) model in exchange for a 20% cut of their earnings. What's more, customers of Inferno Drainer could either upload the malware to their own phishing sites, or make use of the developer's service for creatin

Social media accounts help shape a brand's identity and reputation. These public forums engage directly with customers as they are a hub to connect, share content and answer questions. However, despite the high profile role these accounts have, many organizations overlook social media account security. Many lack the safeguards to prevent unauthorized access — a situation no organization wants as it can quickly spiral to include reputational damage and financial losses.  With the impact this high, the need for deep understanding of social media risks as well as how to protect an organization's social media account are more crucial than ever. This article dives into the details of social media accounts, how social media can be misused and how to protect oneself. Understanding the Layers of Social Media Access Platforms like Facebook, Instagram, and LinkedIn typically have two layers of access.  The Public Facing Page : where brands post content and engage with users.  The Advertis