⚡ Webinar ▶ Level-Up SaaS Security: A Comprehensive Guide to ITDR and SSPM Save Your Seat
#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Get the Free Newsletter
CrowdSec

Visual Studio | Breaking Cybersecurity News | The Hacker News

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

Researchers Uncover Publisher Spoofing Bug in Microsoft Visual Studio Installer

Jun 12, 2023 Vulnerability / Software
Security researchers have warned about an "easily exploitable" flaw in the Microsoft Visual Studio installer that could be abused by a malicious actor to impersonate a legitimate publisher and distribute malicious extensions. "A threat actor could impersonate a popular publisher and issue a malicious extension to compromise a targeted system," Varonis researcher Dolev Taler  said . "Malicious extensions have been used to steal sensitive information, silently access and change code, or take full control of a system." The vulnerability, which is tracked as  CVE-2023-28299  (CVSS score: 5.5), was addressed by Microsoft as part of its  Patch Tuesday updates  for April 2023, describing it as a spoofing flaw. The bug discovered by Varonis has to do with the Visual Studio user interface, which allows for spoofed publisher digital signatures. Specifically, it trivially bypasses a restriction that prevents users from entering information in the "product
Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

Hackers Can Abuse Legitimate GitHub Codespaces Feature to Deliver Malware

Jan 17, 2023 Threat Response / Malware
New research has found that it is possible for threat actors to abuse a legitimate feature in GitHub Codespaces to deliver malware to victim systems. GitHub Codespaces  is a cloud-based configurable development environment that allows users to debug, maintain, and commit changes to a given codebase from a web browser or via an integration in Visual Studio Code. It also comes with a port forwarding feature that makes it possible to access a web application that's running on a particular port within the codespace directly from the browser on a local machine for testing and debugging purposes. "You can also forward a port manually, label forwarded ports, share forwarded ports with members of your organization, share forwarded ports publicly, and add forwarded ports to the codespace configuration," GitHub  explains  in its documentation. It's  important  to note here that any forwarded port that's made public will also permit any party with knowledge of the URL
cyber security

external linkFinally, Everyone Can (and Should) Ensure Essential SaaS Security

websiteWing SecuritySaaS Security / Compliance
This new product will help you achieve the baseline requirements for ensuring safe SaaS usage.
Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

Hackers Can Abuse Visual Studio Marketplace to Target Developers with Malicious Extensions

Jan 09, 2023 Supply Chain / CodeSec
A new attack vector targeting the Visual Studio Code extensions marketplace could be leveraged to upload rogue extensions masquerading as their legitimate counterparts with the goal of mounting supply chain attacks. The technique "could act as an entry point for an attack on many organizations," Aqua security researcher Ilay Goldman  said  in a report published last week. VS Code extensions, curated via a  marketplace  made available by Microsoft, allow developers to add programming languages, debuggers, and tools to the VS Code source-code editor to augment their workflows.  "All extensions run with the privileges of the user that has opened the VS Code without any sandbox," Goldman said, explaining the potential risks of using VS Code extensions. "This means that the extension can install any program on your computer including ransomwares, wipers, and more." To that end, Aqua found that not only is it possible for a threat actor to impersonate a po
Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

Newly Discovered Bugs in VSCode Extensions Could Lead to Supply Chain Attacks

May 27, 2021
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some of the extensions in question are "LaTeX Workshop," "Rainbow Fart," "Open in Default Browser," and "Instant Markdown," all of which have cumulatively racked up about two million installations between them. "Developer machines usually hold significant credentials, allowing them (directly or indirectly) to interact with many parts of the product," researchers from open-source security platform Snyk  said  in a deep-dive published on May 26. "Leaking a developer's private key can allow a malicious stakeholder to clone important
Cybersecurity Resources