357: Malware in Microsoft's GitHub Repo?!

Cheats, breaches, and weaknesses abound on this week's Technado! Cybercriminals are threatening to leak millions of records from the World-Check database, and millions more were affected by this week's Frontier Communications broadband shutdown. In our biggest story of the week, MITRE got pwned by nation-state hackers via our old friends, the Ivanti zero-days. CrushFTP is dealing with a vuln that lets attackers download system files, and our Don't Make No Sense feature is a twofer: fake game cheats are being used to spread malware, and it all started with...Microsoft's GitHub repo?

Of course, it wouldn't be Technado without a deep dive, and this one's a doozy: a SafeBreach researcher uncovered FOUR CVEs by exploiting a long-standing issue that supports Windows backwards-compatibility.

Like what you heard? Check this episode's stories below:

https://www.theregister.com/2024/04/19/cybercriminals_threaten_to_leak_all/
https://www.itpro.com/security/cyber-attack-takes-frontier-communications-systems-offline-affecting-millions-of-broadband-customers
https://www.helpnetsecurity.com/2024/04/22/mitre-breached/
https://www.infosecurity-magazine.com/news/crushftp-file-transfer/
https://thehackernews.com/2024/04/new-redline-stealer-variant-disguised.html
https://www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
https://www.safebreach.com/blog/magicdot-a-hackers-magic-show-of-disappearing-dots-and-spaces/