"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
-
"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
On April 22, as a result of their renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx’s KICS security scanner, which stole credentials, keys, tokens, and config files."
oh dear
-
"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
On April 22, as a result of their renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx’s KICS security scanner, which stole credentials, keys, tokens, and config files."
oh dear
The 'new' lapsus$ portal is https://lapsus.by - they're operating in clear web. I've written to the TLD to see if they want to yeet them.
-
"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
On April 22, as a result of their renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx’s KICS security scanner, which stole credentials, keys, tokens, and config files."
oh dear
@GossiTheDog im begining to think i should never download anything again
-
R relay@relay.infosec.exchange shared this topic
-
"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
On April 22, as a result of their renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx’s KICS security scanner, which stole credentials, keys, tokens, and config files."
oh dear
@GossiTheDog I'm glad I disabled KICS at our company after the initial Trivy breach. Had a hunch this would happen.
-
"As a result of that access, the attackers were able to interact with Checkmarx’s GitHub environment and subsequently publish malicious code to certain artifacts," the company explains.
On April 22, as a result of their renewed access or month-long persistence, the attacker published malicious Docker images, VSCode and Open VSX extensions for Checkmarx’s KICS security scanner, which stole credentials, keys, tokens, and config files."
oh dear
@GossiTheDog onion headline: the company would like the press to make note of. They are a SECURITY company and NOT a repo security company.
-
The 'new' lapsus$ portal is https://lapsus.by - they're operating in clear web. I've written to the TLD to see if they want to yeet them.
@GossiTheDog Belarus, good luck…
