Unfortunately, even though Greg was no longer around, his account was, and it retained extensive privileges, including domain admin rights, SCADA (Supervisory Control and Data Acquisition) operator access, and even the ability to perform help desk functions. It's unclear if someone from auditing ever needed this level of access, but a former employee definitely did not.
“Organizations should start by auditing their environment for the conditions that exist that leave them vulnerable to YellowKey,” said Eric Grenier, senior director analyst at Gartner. “They should also have a clear understanding of their risk acceptance in the case of a lost/stolen device and, based on that acceptance (or non-acceptance), follow the steps such as customizing Secure Boot and ensuring firmware and Boot integrity.”.
GitHub, the world's biggest code repository and DevOps platform, fell victim to a malicious Visual Studio Code (VS Code) extension. The company's initial assessment is that only internal repositories were exfiltrated. The incident was reported by GitHub on X, with follow-up posts revealing a "poisoned VS Code extension" as the cause. The Microsoft-owned code shack continues to "analyze logs, validate secret rotation, and monitor for any follow-on activity."
“Yesterday we detected and contained a compromise of an employee device involving a poisoned VS [Visual Studio] Code extension. We removed the malicious extension version, isolated the endpoint, and began incident response immediately,” GitHub said.
Quantum Bridge announced on Wednesday that it has raised $8 million in Series A funding for its quantum-safe key distribution solution. The new funding, which brings the total raised by the company to $16 million, was supported by Wayra (Telefónica), Cadenza VC, Club degli Investitori angels, HPE, and Bacchus Venture Capital.
An attacker compromised an administrative key tied to Echo Protocol’s deployment on the Monad blockchain network and used it to mint 1,000 eBTC tokens valued at about $76.7 million. The attacker granted their own wallet minting privileges, then deposited 45 eBTC as collateral into the Curvance decentralized lending protocol. Using that collateral, the attacker borrowed 11.29 WBTC, bridged the borrowed assets to Ethereum, swapped them for ETH, and sent about 385 ETH into Tornado Cash.
Grafana has confirmed that an unauthorized party gained access to its GitHub environment after obtaining a compromised token, allowing the attacker to download parts of its codebase. In a public statement shared on X, the company said its investigation found no evidence that customer data or personal information was accessed and that no evidence that customer systems or operations were affected. The breach was discovered after unusual activity triggered a forensic investigation.
Analyst Eric Heath raised the firm’s price target on Okta to $103 from $95 and kept an Overweight rating on the shares, citing a sharper outlook for enterprise security spending in the back half of the year.
