New GitHub AI-Powered Tool Can Automatically Fix Code Vulnerabilities
In a groundbreaking move to enhance code security, GitHub has announced the launch of a new feature called “code scanning autofix,” which leverages the power of GitHub Copilot and CodeQL to resolve code vulnerabilities automatically.
This innovative tool is designed to streamline the process of identifying and fixing security issues within codebases, marking a significant step forward in automated code maintenance and security practices.
The introduction of code scanning autofix represents a major leap in developers’ approaches to code security.
By integrating the capabilities of GitHub Copilot, the AI pair programmer, with CodeQL, GitHub’s industry-leading semantic code analysis engine, the new tool offers a seamless solution for automatically detecting and rectifying security flaws.
GitHub writes today, “Security teams will also benefit from a reduced volume of everyday vulnerabilities, so they can focus on strategies to protect the business while keeping up with an accelerated pace of development.”
The auto-fix feature is built into GitHub’s code-scanning process. When a potential security vulnerability is detected, the tool not only alerts the developers but also suggests a fix, generated by the AI based on the context of the code.
This saves time and helps maintain a high standard of code quality and security. GitHub utilizes the GPT-4 model from OpenAI to provide the fixes and explanations for them.
GitHub is inviting organizations that are new to the platform, or that have not yet adopted GitHub Advanced Security, to try out code scanning autofix. Interested parties can contact GitHub to request a demo and set up a free trial.
This initiative is part of GitHub’s broader effort to standardize workflows and establish best practices using GitHub Projects, aiming to enhance collaboration and alignment within and across development teams.
With cybersecurity’s ever-increasing importance, GitHub’s new autofix tool is poised to play a crucial role in helping developers keep their codebases secure. By automating the detection and fixing of vulnerabilities, GitHub simplifies the developers’ workload and contributes to creating a safer digital environment.
The post New GitHub AI-Powered Tool Can Automatically Fix Code Vulnerabilities appeared first on Cyber Security News.
Cyber Security News
Callback Phishing Attacks Using Google Groups To Steal Login Details
Phishing attacks are deceptive schemes where attackers impersonate reputable entities to trick individuals into revealing “sensitive information.”
These attacks often occur via email using urgent language to prompt victims to click on “malicious links” or “download harmful attachments.”
Trustwave cybersecurity analysts recently warned of Callback Phishing attacks that target Google groups to steal login details.
Trustwave SpiderLabs documented a significant surge of “140%” in “callback phishing attacks” (aka “Telephone-Oriented Attack Delivery” or “TOAD”) between July and September.
They discovered that the attacks evolved from their earlier discovery of a “fake order spam scheme” via Google Groups.
This sophisticated “hybrid cyberattack” combines “traditional email phishing” with “social engineering” via “phone calls,” where threat actors employ various “TTPs.”
The attack begins with “phishing emails containing text obfuscation” (‘using base64 encoding’ and ‘invisible characters’), “image-based spam” (‘.gif files’), or “document-based lures” (‘PDF,’ ‘.txt,’ ‘.doc’ formats) impersonating legitimate brands.
These emails prompt victims to call the phone numbers provided about “fake invoices” or “account terminations,” and because the lure is a phone number rather than a link, they often evade “text-based spam filters.”
The attack then branches into three primary vectors:
Vishing (voice phishing) for stealing PII and banking credentials.
Malware deployment (like “BazarCall” distributing “BazarLoader malware”).
Remote access exploitation (as seen in “Luna Moth campaigns”).
The scheme’s effectiveness stems from its “dual-channel approach”: it combines “real-time social manipulation” via “phone calls” with “delayed detection due to minimal digital footprints” and “integration with legitimate services like Calendly for scheduling fraudulent support calls.”
Together these factors make it particularly challenging for traditional security measures to detect and prevent.
Financial platforms are experiencing sophisticated cybersecurity breaches where attackers exploit legitimate services like “PayPal,” “Xero,” “QuickBooks,” and “HoneyBook” via “callback phishing.”
These attacks leverage authentic email authentication protocols like “DKIM” (‘DomainKeys Identified Mail’) signatures and “platform-specific header stamps,” to evade security measures.
The attackers create fraudulent payment requests and invoices by sending them first to “dummy email addresses” before “forwarding them to actual victims,” thereby evading “email authentication checks.”
The malicious emails contain legitimate “From” addresses, “authentic platform links,” and “genuine website redirects,” which makes them particularly deceptive.
However, the distinguishing red flags include “suspicious payment notes,” mismatched “To” addresses using newly registered domains, and “fraudulent customer service phone numbers.”
This attack vector is particularly effective because it combines “social engineering” with “technical legitimacy”: the emails pass through “security filters” since they originate from trusted financial platforms, yet they incorporate urgency triggers like “overdue payments” or “account anomalies” to manipulate victims into calling fake support numbers.
The process illustrates a sophisticated evolution of “TOAD” where attackers exploit the inherent trust in established financial platforms’ infrastructure while maintaining the human manipulation aspect of traditional phishing schemes.
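The red flags described above (a “To” address outside the organisation, a callback phone number, and an urgency trigger) can be scored mechanically at the mail gateway. The following is an added illustration, not code from Trustwave or from the original article; the two messages are constructed samples, the organisation’s accepted domains are an assumed allowlist, and the “newly registered domain” check is reduced to “not one of our domains” since domain-age lookup needs an external data source.

```python
import email
import re
from email import policy

# Constructed sample: an invoice notice first sent to a throwaway mailbox and
# then forwarded on, so the "To" header does not match the real recipient.
SUSPICIOUS_RAW = """\
From: Billing <service@invoicing.example>
To: accounts@newly-registered-lookalike.example
Subject: Overdue payment - action required
Content-Type: text/plain

Your invoice is overdue. Call support now at 1-800-555-0199 to avoid account termination.
"""

# Constructed benign sample: addressed to the organisation, no callback lure.
BENIGN_RAW = """\
From: Billing <service@invoicing.example>
To: accounts@victim-org.example
Subject: Your monthly invoice
Content-Type: text/plain

Invoice #1234 is attached for your records. No action is required.
"""

# Urgency stems mentioned in the article (overdue payments, terminations, anomalies).
URGENCY = ("overdue", "terminat", "suspend", "anomal")
# North-American style phone number, e.g. 1-800-555-0199 or (800) 555-0199.
PHONE_RE = re.compile(r"\b1?-?\(?\d{3}\)?[-. ]?\d{3}[-. ]?\d{4}\b")


def callback_phish_flags(raw, our_domains):
    """Return the list of callback-phishing indicators found in one raw message."""
    msg = email.message_from_string(raw, policy=policy.default)
    body = msg.get_body(preferencelist=("plain",)).get_content()
    text = (msg["Subject"] or "") + "\n" + body
    to_addr = msg["To"].addresses[0].addr_spec if msg["To"] else ""
    flags = []
    # Forwarded-from-dummy-mailbox pattern: recipient domain is not ours.
    if to_addr.rsplit("@", 1)[-1].lower() not in our_domains:
        flags.append("to-mismatch")
    if PHONE_RE.search(text):
        flags.append("phone-number")
    if any(k in text.lower() for k in URGENCY):
        flags.append("urgency")
    return flags
```

A message that collects all three flags is a strong candidate for quarantine even though its DKIM signature and platform links are genuine.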
The recommendations are as follows:
Be cautious of uninvited emails.
Use official contacts, not email-provided numbers.
Don’t share personal info on calls.
Monitor bank accounts and report irregularities.
Stay updated on phishing and also train employees.
The post Callback Phishing Attacks Using Google Groups To Steal Login Details appeared first on Cyber Security News.
Malicious PowerShell script pushing malware looks AI-written
A threat actor is using a PowerShell script that was likely created with the help of an artificial intelligence system such as OpenAI’s ChatGPT, Google’s Gemini, or Microsoft’s CoPilot. […] Read More
BleepingComputer