Visual Studio Code (VSC) is a source-code editor published by Microsoft. Researchers have found it surprisingly easy to upload malicious Visual Studio Code extensions to the VSCode Marketplace, and discovered signs of threat actors already exploiting this weakness. What’s the craic? Bill Toulas reports - “ VSCode Marketplace can be abused to host malicious extensions ”: “ Over 27 million downloads” Not to mention: Apollo 12’s tricky error. Your humble blogwatcher curated these bloggy bits for your entertainment. The same problem may also be present in Visual Studio and Azure DevOps. In this week’s Secure Software Blogwatch, we run and hide. It’s a nasty problem that’s not getting enough attention. If you unwittingly install a malicious extension, bad actors can get access to your code to inject back doors, steal your credentials, drop malware or use your login to move laterally.
And those spoofed extensions are incredibly hard to detect. It’s super easy to spoof Visual Studio Code extensions.
0 kommentar(er)
