#github-codespaces

[ follow ]
#supply-chain-attack #vs-code-configuration #secrets-exfiltration #ddos-botnet #docker-misconfiguration
Information security
fromSecurityWeek
1 day ago

VS Code Configs Expose GitHub Codespaces to Attacks

Automatic execution of VS Code configuration files in GitHub Codespaces can enable repository-based supply chain attacks that execute malicious commands and exfiltrate secrets.
fromSecurityWeek
4 months ago

ShadowV2 DDoS Service Lets Customers Self-Manage Attacks

A newly discovered distributed denial-of-service (DDoS) botnet targets misconfigured Docker containers for infection and offers a new service model where customers launch their own attacks, Darktrace reports. The operation, named ShadowV2, breaks the traditional DDoS service model with the use of a Python-based command-and-control (C&C) platform hosted on GitHub CodeSpaces, and a sophisticated attack toolkit that combines traditional malware with modern DevOps technology.
Information security
[ Load more ]