Top stories.
- GitHub discloses breach of 3,800 internal code repositories.
- Microsoft disrupts malware signing service.
- Business news: Akamai to acquire LayerX for $205 million.
GitHub discloses breach of 3,800 internal code repositories.
GitHub has confirmed that a Trojanized VS Code extension compromised around 3,800 internal repositories, BleepingComputer reports. GitHub stated, "[W]e detected and contained a compromise of an employee device involving a poisoned VS Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately." The company added, "While we currently have no evidence of impact to customer information stored outside of GitHub’s internal repositories (such as our customers’ enterprises, organizations, and repositories), we are closely monitoring our infrastructure for follow-on activity."
The TeamPCP threat actor claimed responsibility for the breach and is selling the stolen data for $50,000. The group says it will release the data for free if a buyer isn't found. GitHub noted, "The attacker’s current claims of ~3,800 repositories are directionally consistent with our investigation so far."
Microsoft disrupts malware signing service.
Microsoft used a court order to disrupt the Fox Tempest malware-signing-as-a-service (MSaaS), which allowed threat actors to disguise malware as legitimate software by abusing code-signing tools. Microsoft stated, "To disrupt the service, we seized Fox Tempest’s website signspace[.]cloud, took offline hundreds of the virtual machines running the operation, and blocked access to a site hosting the underlying code. This action builds upon persistent internal efforts to revoke fraudulently obtained code‑signing certificates and enhance our defenses and employ new security features to detect and thwart such malicious activity."
The lawsuit also names the Vanilla Tempest ransomware group as a co-conspirator, alleging that the gang "used the service to deploy malware like Oyster, Lumma Stealer, and Vidar, and ransomware, including Rhysida, in multiple recent cyberattacks."
Business news: Akamai to acquire LayerX for $205 million.
Akamai has agreed to acquire Israeli browser security company LayerX for $205 million. Akamai stated, "LayerX employees, including Co-Founders Or Eshed and David Vaisbrud, will join Akamai’s Zero Trust organization. As Akamai’s fourth Tel Aviv–based cybersecurity acquisition in the past five years, LayerX will further the technical depth and expertise of its growing cybersecurity innovation hub in the region."