• Menu
  • Skip to main content
  • Skip to primary sidebar

The Cyber Security News

Latest Cyber Security News

Header Right

  • Latest News
  • Vulnerabilities
  • Cloud Services
github says recent attack involving stolen oauth tokens was "highly

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”

You are here: Home / General Cyber Security News / GitHub Says Recent Attack Involving Stolen OAuth Tokens Was “Highly Targeted”
May 3, 2022

Cloud-dependent code hosting platform GitHub described the current attack marketing campaign involving the abuse of OAuth entry tokens issued to Heroku and Travis-CI as “remarkably targeted” in character.

“This pattern of habits implies the attacker was only listing organizations in order to determine accounts to selectively focus on for listing and downloading non-public repositories,” GitHub’s Mike Hanley said in an up to date post.

The security incident, which it learned on April 12, relevant to an unidentified attacker leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download knowledge from dozens of corporations, such as NPM.

✔ Approved From Our Partners
AOMEI Backupper Lifetime

Protect and backup your data using AOMEI Backupper. AOMEI Backupper takes secure and encrypted backups from your Windows, hard drives or partitions. With AOMEI Backupper you will never be worried about loosing your data anymore.

Get AOMEI Backupper with 72% discount from an authorized distrinutor of AOMEI: SerialCart® (Limited Offer).

➤ Activate Your Coupon Code


The Microsoft-owned enterprise explained previous 7 days that it is in the method of sending a final set of notifications to GitHub prospects who experienced possibly the Heroku or Travis CI OAuth app integrations approved in their accounts.

In accordance to a comprehensive step-by-action examination carried out by GitHub, the adversary is stated to have employed the stolen application tokens to authenticate to the GitHub API, making use of it to listing all the corporations of afflicted users.

This was then succeeded by selectively choosing targets dependent on the detailed companies, pursuing it up by listing the personal repositories of worthwhile users accounts, right before shifting to clone some of all those personal repositories in the long run.

CyberSecurity

The enterprise also reiterated that the tokens ended up not attained by using a compromise of GitHub or its programs, and that the tokens are not saved in their “first, usable formats,” which could be misused by an attacker.

“Clients need to also carry on to keep track of Heroku and Travis CI for updates on their own investigations into the influenced OAuth applications,” GitHub mentioned.

Identified this post intriguing? Abide by THN on Facebook, Twitter  and LinkedIn to read much more special material we put up.


Some components of this write-up are sourced from:
thehackernews.com

Previous Post: «Cyber Security News Spyware Found on Spanish PM’s Phone
Next Post: New Hacker Group Pursuing Corporate Employees Focused on Mergers and Acquisitions new hacker group pursuing corporate employees focused on mergers and»

Reader Interactions

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Primary Sidebar

Report This Article

Recent Posts

  • New Variant of Banking Trojan BBTok Targets Over 40 Latin American Banks
  • How to Interpret the 2023 MITRE ATT&CK Evaluation Results
  • Iranian Nation-State Actor OilRig Targets Israeli Organizations
  • High-Severity Flaws Uncovered in Atlassian Products and ISC BIND Server
  • Apple Rushes to Patch 3 New Zero-Day Flaws: iOS, macOS, Safari, and More Vulnerable
  • Mysterious ‘Sandman’ Threat Actor Targets Telecom Providers Across Three Continents
  • Researchers Raise Red Flag on P2PInfect Malware with 600x Activity Surge
  • The Rise of the Malicious App
  • China Accuses U.S. of Decade-Long Cyber Espionage Campaign Against Huawei Servers
  • Cyber Group ‘Gold Melody’ Selling Compromised Access to Ransomware Attackers

Copyright © TheCyberSecurity.News, All Rights Reserved.