Hot off the press Cyber Security Today: 3 app warnings

TLDR: Researchers have warned application developers about three potential threats to their software development process. Firstly, the abuse of GitHub’s platform by threat actors is increasing, with malware being left by actors hoping developers will download infected code snippets. Second, a report by security researcher John Stawinksi shows how platforms, such as GitHub and AWS, can be manipulated, highlighting the need for developers to carefully vet and secure their software supply chains. Finally, developers using the GitLab DevOps software have been urged to update to the latest version, as there are two critical vulnerabilities that can be exploited to gain unauthorized account access. In other news, Framework, a modular laptop manufacturer, has notified customers of a data breach caused by an employee who fell for a phishing attack. The breach resulted in the theft of customer information. Singing River Health System has also announced a data theft incident that occurred during a ransomware attack last year, compromising the personal data of over 250,000 individuals. American actuarial firm Milliman Inc. has increased the number of people affected by a recent data breach to over 56,000. Ukrainian police have arrested a suspect believed to be behind a cryptojacking scheme that mined over $2 million in cryptocurrencies by compromising servers of an American cloud provider. Digital currency trading company Genesis Global Trading will pay an $8 million penalty for violating New York State’s virtual currency and cybersecurity regulations. Additionally, researchers at Forescout have challenged the notion that Russia’s Sandworm hacking group was behind a cyber attack in Denmark last year, suggesting it was a mass exploitation of a vulnerability rather than a targeted attack by the group.