Attackers have recently been abusing GitHub's continuous integration/continuous delivery (CI/CD) feature, GitHub Actions, to merge unauthorized cryptocurrency miners into repositories. The attacker forks a repository, adds the miner, and then opens a large number of pull requests against the original repositories, each carrying the miner code. The miners in use are the Monero miner XMRig and a binary named npm.exe (unrelated to Node.js). At the time of writing, 90+ repositories are known to be targeted, but the campaign's effectiveness remains to be seen: a diligent maintainer who carefully reviews the code changes in a pull request before accepting it will notice that something suspicious is going on.
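As an added example that is not part of the original write-up, the Python helper below sketches the kind of pull-request triage a maintainer could automate for this pattern. It flags any PR that touches files under `.github/workflows/` (the files that decide what GitHub Actions runs), flags added lines that mention the two miner names given above (XMRig and npm.exe), and calls out the combination of "comes from a fork" and "changes CI" for manual hold. The heuristics, the `ChangedFile`/`PullRequest` data shapes and the sample PRs are all constructed for this example; a real deployment would populate them from the repository's PR API.

```python
import re
from dataclasses import dataclass
from typing import List

# Indicators named in the write-up: the XMRig miner and a binary called npm.exe
# (unrelated to Node.js). The npm pattern requires the ".exe" suffix so that
# ordinary "npm install" steps in a workflow are not flagged.
MINER_INDICATORS = re.compile(r"xmrig|\bnpm\.exe\b", re.IGNORECASE)

# Files under .github/workflows/ define what GitHub Actions executes for a PR.
WORKFLOW_PATH = re.compile(r"^\.github/workflows/[^/]+\.ya?ml$")


@dataclass
class ChangedFile:
    path: str
    added_lines: List[str]  # only the '+' side of the diff matters here


@dataclass
class PullRequest:
    number: int
    from_fork: bool          # True when the head branch lives in a fork
    files: List[ChangedFile]


def review_pull_request(pr: PullRequest) -> List[str]:
    """Return findings for one pull request; an empty list means nothing was flagged.

    Heuristics (assumptions for this example, not a complete policy):
      1. any added or changed CI workflow file is worth a human look,
      2. added lines mentioning the known miner names are flagged,
      3. a fork-sourced PR that also touches CI is called out explicitly,
         because CI changes from outside contributors can run code on the
         project's runners before anyone has reviewed them.
    """
    findings: List[str] = []
    touches_workflow = False
    for changed in pr.files:
        if WORKFLOW_PATH.match(changed.path):
            touches_workflow = True
            findings.append(f"PR #{pr.number}: changes CI workflow {changed.path}")
        for lineno, text in enumerate(changed.added_lines, start=1):
            if MINER_INDICATORS.search(text):
                findings.append(
                    f"PR #{pr.number}: miner indicator in {changed.path} "
                    f"(added line {lineno}): {text.strip()}"
                )
    if touches_workflow and pr.from_fork:
        findings.insert(
            0, f"PR #{pr.number}: fork-sourced PR modifies CI; hold for manual review"
        )
    return findings


# Constructed sample data modelled on the pattern described above; not real PRs.
SUSPICIOUS_PR = PullRequest(
    number=101,
    from_fork=True,
    files=[
        ChangedFile(
            path=".github/workflows/ci.yml",
            added_lines=[
                "      - run: chmod +x npm.exe",
                "      - run: ./npm.exe",
            ],
        )
    ],
)

BENIGN_PR = PullRequest(
    number=102,
    from_fork=True,
    files=[
        ChangedFile(
            path="src/utils.py",
            added_lines=["def add(a, b):", "    return a + b"],
        )
    ],
)


if __name__ == "__main__":
    for pr in (SUSPICIOUS_PR, BENIGN_PR):
        for finding in review_pull_request(pr) or [f"PR #{pr.number}: nothing flagged"]:
            print(finding)
```

The string match is deliberately narrow: it will not catch a renamed binary, so the workflow-file and fork checks carry most of the weight. Those two signals are cheap to compute and, per the write-up, are exactly where a careful reviewer would look first.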