Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode – Page 16

Glassworm malware returns in third wave of malicious VS Code packages

The Glassworm campaign, which first emerged on the OpenVSX and Microsoft Visual Studio marketplaces in October, is now in its third wave, with 24 new packages added on the two platforms.

OpenVSX and the Microsoft Visual Studio Marketplace are both extension repositories for VS Code–compatible editors, used by developers to install language support, frameworks, tooling, themes, and other productivity add-ons.

The Microsoft marketplace is the official platform for Visual Studio Code, while OpenVSX is an open, vendor-neutral alternative used by editors who can’t or don’t use Microsoft’s proprietary store.

SmartTube YouTube app for Android TV breached to push malicious update

The popular open-source SmartTube YouTube client for Android TV was compromised after an attacker gained access to the developer’s signing keys, leading to a malicious update being pushed to users.

The compromise became known when multiple users reported that Play Protect, Android’s built-in antivirus module, blocked SmartTube on their devices and warned them of a risk.

The developer of SmartTube, Yuriy Yuliskov, admitted that his digital keys were compromised late last week, leading to the injection of malware into the app.

MS Teams Guest Access Can Remove Defender Protection When Users Join External Tenants

Cybersecurity researchers have shed light on a cross-tenant blind spot that allows attackers to bypass Microsoft Defender for Office 365 protections via the guest access feature in Teams.

“When users operate as guests in another tenant, their protections are determined entirely by that hosting environment, not by their home organization,” Ontinue security researcher Rhys Downing said in a report.

“These advancements increase collaboration opportunities, but they also widen the responsibility for ensuring those external environments are trustworthy and properly secured.”

GreyNoise launches free scanner to check if you’re part of a botnet

GreyNoise Labs has launched a free tool called GreyNoise IP Check that lets users check if their IP address has been observed in malicious scanning operations, like botnet and residential proxy networks.

The threat monitoring firm that tracks internet-wide activity via a global sensor network says this problem has grown significantly over the past year, with many users unknowingly helping malicious online activity.

“Over the past year, residential proxy networks have exploded and have been turning home internet connections into exit points for other people’s traffic,” explains GreyNoise.

Podcast with Chuck Brooks, Adjunct Professor at Georgetown University and President of Brooks Consulting International — Quantum Computing Report

In this episode of The Quantum Spin by HKA, host Veronica Combs discusses the intersections of quantum technology and cybersecurity with Chuck Brooks, an adjunct professor at Georgetown University and the president of Brooks Consulting International. Chuck discusses how the evolution of technology, particularly AI and quantum computing, has dramatically transformed cybersecurity. The conversation also touches on the role of CISOs, the integration of new technologies, and the importance of ongoing education and adaptation in the face of rapidly changing technologies.

00:00 Introduction to Quantum Spin Podcast 00:34 Guest Introduction: Chuck Brooks 00:46 Chuck Brooks’ Career Journey 02:09 Evolution of Cybersecurity 02:47 Challenges for CISOs 04:27 Quantum Computing and Cybersecurity 07:43 Future of Quantum and AI 10:51 Disruptive Technologies in Organizations 15:15 AI in Academia and Professional Use 17:06 Effective Communication on LinkedIn 18:23 Conclusion and Podcast Information.

Chuck Brooks serves as President of Brooks Consulting International with over 25 years of experience in cybersecurity, emerging technologies, marketing, business development, and government relations. He also is an Adjunct Professor at Georgetown University in the Cyber Risk Management Program, where he teaches graduate courses on risk management, homeland security, and cybersecurity.

/* */