TECH NEWS

Megalodon chums the waters in 5.5K+ GitHub repo poisonings

https://image.theregister.com/227881.jpg?imageId=227881&x=0&y=0&cropw=100&croph=100&panox=0&panoy=0&panow=100&panoh=100&width=1200&height=683

A malware-spreading scumbag swimming through GitHub pushed malicious commits to more than 5,500 repositories on Monday as part of an automated campaign called Megalodon.

Similar to the earlier TeamPCP attacks that poisoned about 3,800 GitHub repositories, this new campaign has so far infected 5,561 repos with CI/CD credential-stealing malware, according to SafeDep researchers, who uncovered the predatory commits and published a full list of the compromised repositories.

If a repository owner merges the commit, the malware executes inside their CI/CD pipeline and propagates further, Ox Security lead researcher Moshe Siman Tov Bustan said in a Thursday blog post.

Megalodon steals AWS secret keys and Google Cloud access tokens. It also queries AWS, Google Cloud Platform, and Azure metadata for instance role credentials, reads SSH private keys, Docker and Kubernetes configurations, Vault tokens, Terraform credentials, and scans source code for more than 30 secret regex patterns. Then it exfiltrates GitHub...

Copyright of this story solely belongs to theregister.com. To see the full text click HERE

Read more

https://cdn.mos.cms.futurecdn.net/ehAdgXrX3VNzPK8YY2tx76-602-80.png

'We wanted to make a new and unique story, where fans will recognize moments throughout as they're playing' — TT Games on creating a new adventure and how it squeezed decades of superhero history into Lego Batman: Legacy of the Dark Knight

As superheroes go, it’s hard to look beyond the unmistakable, Chiropteran-shaped searchlight that has dominated the troubled skylines of Batman’s adventures since he first swooped into view. No disrespect to The Scarlet Pimpernel, Tarzan, and Buck Rogers, who all emerged in the years before Bruce Wayne’s crime-fighting