⚡ THN Weekly Recap: GitHub Supply Chain Attack, AI Malware, BYOVD Tactics, and More

Summary: Recent cyber threats highlight vulnerabilities in open-source tools, escalating ad fraud through mobile apps, and advanced ransomware tactics targeting critical defenses. Notably, attacks have leveraged AI, and a supply chain breach at Coinbase exemplifies these risks. A rise in stolen credentials further underscores the urgent need for improved cybersecurity measures.

Affected: Coinbase, Google Play Store Apps, Microsoft Azure, North Korean Cyber Operations

Key points:

  • Coinbase faced a targeted supply chain breach through GitHub Actions, leaking CI/CD secrets.
  • StilachiRAT is a remote access trojan bundling multiple malicious functionalities, evading detection.
  • Over 300 Android apps were involved in a large-scale ad fraud campaign, affecting millions of users.
  • Medusa ransomware utilized a malicious driver to disable security tools, highlighting growing ransomware sophistication.
  • North Korea is strengthening its hacking capabilities with a new intelligence unit focused on offensive cyber operations.
  • AI is accelerating cybercrime tactics, enabling criminals to conduct sophisticated scams and operations.
  • A misconfiguration in Microsoft Azure risks exposing private resources, presenting a vulnerability for organizations.
  • Apple fixed a critical bug in its Passwords app that could expose user credentials over unencrypted connections.
  • Cybercriminals stole 3.2 billion credentials in 2024, with information stealers accounting for a large portion of breaches.

Source: https://thehackernews.com/2025/03/thn-weekly-recap-github-supply-chain.html