Visual Studio Archives - Cyber Security Minute

Visual Studio Code Has a Malicious Extension Problem

Issued by: DataBreach Today

Cybersecurity researchers said an experiment in developing a fake, malicious extension for the world’s most popular integrated development environment succeeded beyond their wildest expectations. Researchers Amit Assaraf, Itay Kruk, and Idan Dardikman uploaded an extension to Microsoft source code editing platform Visual Studio Code masquerading as “Dracula Official,” a color theme that records nearly 7.2…

Vulnerabilities

Vulnerabilities in Visual Studio Code Extensions Expose Developers to Attacks

Issued by: Security Week

Generally considered secure, VS Code extensions could expose millions of developers to malicious attacks, potentially leading to the compromise of information stored on developer machines, such as credentials, or even opening the route to further attacks. Snyk’s security researchers analyzed popular VS Code extensions that start web servers, which are typically accessible locally via a…

Malware & Threats

Microsoft Build Engine Abused for Fileless Malware Delivery

Issued by: Security Week

Described as the build platform for Microsoft and Visual Studio, MSBuild has a feature that allows developers to specify for code to be executed in memory, and adversaries have abused this in a new campaign for the fileless delivery of their malicious payloads. The attacks, which were ongoing last week, likely started in April. As…