The Cyber Security News


GitHub Says Hackers Breached Dozens of Organizations Using Stolen OAuth Access Tokens

April 16, 2022

Cloud-based repository hosting service GitHub on Friday revealed that it uncovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to obtain private information from several companies without authorization.

“An attacker abused stolen OAuth consumer tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download facts from dozens of organizations, such as NPM,” GitHub’s Mike Hanley disclosed in a report.



OAuth access tokens are commonly used by apps and services to authorize access to specific parts of a user’s data and to communicate with each other without having to share the actual credentials. It is one of the most common methods used to pass authorization from a single sign-on (SSO) service to another application.

As of April 15, 2022, the list of affected OAuth applications is as follows:

  • Heroku Dashboard (ID: 145909)
  • Heroku Dashboard (ID: 628778)
  • Heroku Dashboard – Preview (ID: 313468)
  • Heroku Dashboard – Vintage (ID: 363831), and
  • Travis CI (ID: 9216)

The OAuth tokens are not said to have been obtained via a breach of GitHub or its systems, the company said, as it does not store the tokens in their original, usable formats.

Moreover, GitHub warned that the threat actor may be analyzing the downloaded private repository contents from victim entities using these third-party OAuth applications to glean additional secrets that could then be leveraged to pivot to other parts of their infrastructure.

The Microsoft-owned platform said it observed early evidence of the attack campaign on April 12, when it encountered unauthorized access to its NPM production environment using a compromised AWS API key.


This AWS API key is believed to have been obtained by downloading a set of unspecified private NPM repositories using the stolen OAuth token from one of the two affected OAuth applications. GitHub said it has since revoked the access tokens associated with the affected applications.
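The application IDs listed above let a defender scope which private repositories were read through the affected integrations, and therefore which embedded secrets (such as the AWS API key described here) need rotating. The following is an added example, not code from GitHub or from the article; the event field names and action names are hypothetical and the sample events are constructed.

```python
import json
from collections import defaultdict

# OAuth application IDs exactly as listed in the article (as of April 15, 2022).
AFFECTED_APP_IDS = {145909, 628778, 313468, 363831, 9216}
# Hypothetical action names for events that read repository contents.
READ_ACTIONS = {"repo.clone", "repo.fetch", "repo.download_archive"}

# Constructed sample export, one JSON event per line. Field names are assumptions
# made for this example, not GitHub's audit log schema.
SAMPLE_EVENTS = """\
{"ts":"2022-04-09T08:01:00Z","user":"alice","app_id":9216,"action":"repo.clone","repo":"acme/billing","private":true}
{"ts":"2022-04-09T08:05:00Z","user":"alice","app_id":9216,"action":"repo.clone","repo":"acme/docs","private":false}
{"ts":"2022-04-10T02:14:00Z","user":"bob","app_id":145909,"action":"repo.download_archive","repo":"acme/infra","private":true}
{"ts":"2022-04-10T02:15:00Z","user":"bob","app_id":"145909","action":"repo.fetch","repo":"acme/billing","private":true}
{"ts":"2022-04-10T03:00:00Z","user":"carol","app_id":777001,"action":"repo.clone","repo":"acme/secrets","private":true}
{"ts":"2022-04-10T03:30:00Z","user":"bob","app_id":145909,"action":"issue.comment","repo":"acme/infra","private":true}
not-json-line
"""

def repos_needing_rotation(lines):
    """Group private-repo reads made through an affected app, keyed by repo."""
    hits = defaultdict(lambda: {"app_ids": set(), "users": set(), "first_seen": None})
    malformed = 0
    for raw in lines:
        try:
            ev = json.loads(raw)
            app_id = int(ev["app_id"])  # tolerate IDs exported as strings
            action, repo, ts = ev["action"], ev["repo"], ev["ts"]
        except (ValueError, KeyError, TypeError):
            malformed += 1  # count unparseable lines instead of dropping them silently
            continue
        if app_id not in AFFECTED_APP_IDS or action not in READ_ACTIONS:
            continue
        if not ev.get("private", True):  # unknown visibility is treated as private
            continue
        hit = hits[repo]
        hit["app_ids"].add(app_id)
        hit["users"].add(ev.get("user", "unknown"))
        # ISO 8601 UTC timestamps in a single format sort correctly as strings.
        if hit["first_seen"] is None or ts < hit["first_seen"]:
            hit["first_seen"] = ts
    return dict(hits), malformed

if __name__ == "__main__":
    exposed, bad = repos_needing_rotation(SAMPLE_EVENTS.splitlines())
    for repo, hit in sorted(exposed.items(), key=lambda kv: kv[1]["first_seen"]):
        print(repo, hit["first_seen"], sorted(hit["app_ids"]), sorted(hit["users"]))
    print("malformed lines:", bad)
```

Each repository returned is a candidate for a credential search, with any keys found there rotated regardless of whether misuse has been observed.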

“At this point, we assess that the attacker did not modify any offers or gain entry to any person account data or qualifications,” the company said, adding that it is still investigating to determine whether the attacker viewed or downloaded private packages.

GitHub also said it is currently working to identify and notify all of the known-affected victim users and organizations that may be impacted as a result of this incident over the next 72 hours.



Some sections of this article are sourced from:
thehackernews.com

Copyright © TheCyberSecurity.News, All Rights Reserved.