When fixing a zero-day vulnerability, you might download a proof-of-concept script to confirm that the vulnerability has actually been addressed. A web search for that proof of concept will most likely lead you to a GitHub repository. Beware of who you are downloading from: attackers are impersonating cybersecurity researchers on Twitter and GitHub and publishing fake proof-of-concept scripts that are actually malware. One example is a fake cybersecurity company named “High Sierra Cyber Security”. Its repositories look legitimate because the GitHub maintainers impersonate real security researchers from respected security organisations. The malware itself isn't hosted in the GitHub repository; instead, the script downloads it when run, and it targets both Windows and Linux machines. Be careful when downloading scripts from unknown repositories, because impersonation is always possible: check that the account really belongs to the researcher it claims to be, and read the script before running it. It is imperative that all such code be scrutinised for malicious behaviour, and that it be run only in an isolated environment.
This segment was created for the It’s 5:05 podcast