#44 - Intel Chat: Fake GitHub repos, NPM poison, Vidar, Mac malware, Tsunami DDOS, Cl0p reward, and the EDR killer: Spyboy

Show Notes

In this episode of The Cybersecurity Defenders Podcast, we discuss some cutting-edge intel coming out of LimaCharlie's community Slack channel.

• VulnCheck comes across a malicious GitHub repository that is claimed to be a Signal 0-day.
• CheckMarx are reporting that Without altering a single line of code, attackers poisoned the NPM package “bignum” by hijacking a S3 bucket.
• Team CYMRU has released a detailed publication on Vidar infrastructure which encompasses both the primary administrative aspects and the underlying backend. 
• Bit Defender Mac researchers stumbled upon a small set of files with backdoor capabilities that seem to form part of a more complex malware toolkit. 
• Researchers have found an unofficial package called 'https' that exists on NPM with over 1600 other packages that depend on it.
• An attack campaign that consists of the Tsunami DDoS Bot being installed on inadequately managed Linux SSH servers.
• Cl0p rewards of up to $10 million are being offered by the U.S. State Department's Rewards for Justice program.
• SentinelOne is reporting on the Terminator EDR killer - Spyboy. 

The Cybersecurity Defenders Podcast: a show about cybersecurity and the people that defend the internet.