Security News

Threat actors are auctioning the alleged source code for Riot Game's League of Legends and the Packman anti-cheat software, confirmed to be stolen in a recent hack of the game company's developer environment. Last Friday, Riot Games disclosed that its development environment had been hacked, allowing threat actors to steal source code for League of Legends, Teamfight Tactics, and the company's Packman legacy anti-cheat platform.

A Chinese-speaking hacking group tracked as 'DragonSpark' was observed employing Golang source code interpretation to evade detection while launching espionage attacks against organizations in East Asia. What makes the campaign stand out is the use of Golang source code iterpretation to execute code from Go scripts embedded in the malware binaries.

The Android malware family tracked as SpyNote has had a sudden increase in detections in the final quarter of 2022, which is attributed to a source code leak of one of its latest, known as 'CypherRat. Threat actors quickly snatched the malware's source code and launched their own campaigns.

Intruders copied source code belonging to Okta after breaching the identity management company's GitHub repositories. Okta was alerted by Microsoft-owned GitHub earlier this month of "Suspicious access" to its code repositories and determined that miscreants copied code associated with the company's Workforce Identity Cloud, an enterprise-facing access and identity management tool to enable workers and partners to work from anywhere.

Okta, a company that provides identity and access management services, disclosed on Wednesday that some of its source code repositories were accessed in an unauthorized manner earlier this month. The security event, which was first reported by Bleeping Computer, involved unidentified threat actors gaining access to the Okta Workforce Identity Cloud code repositories hosted on GitHub.

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.

The weakness was just one recent example of a backdoor in open source software for attackers to sneak malicious code onto developer and end-user systems. If experts identify the software supply as a key security challenge for 2023, the Log4j phenomenon - not to mention the much-better known SolarWinds incursion in 2019 - shed light on how protecting the process could be difficult: A vast amount of commercial software is not written in-house.

Twitter is reportedly working on finally adding end-to-end encryption for direct messages exchanged between users on the social media platform. Twitter had attempted to prototype an E2EE system back in 2018, naming it "Secret Conversation," but it never materialized as a finished product and was later abandoned.

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub."These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory.