
GitHub users targeted by Sawfish phishing campaign
2020-04-17 09:27

GitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts.

The attackers could create a GitHub personal access token, which allows the user to access their GitHub account using the Security Assertion Markup Language.

The phishing site relays the TOTP code to the attacker, who then performs a man-in-the-middle attack and enters the TOTP code into GitHub.

Why is this phishing campaign so important? Any phishing attack is a problem, but getting access to a GitHub user's private repository could yield not only source code but keys to access online applications and SSH keys, along with login credentials for other online services.

Review the SSH keys used to access your GitHub account, verify your email addresses, and review your account's security log to check for any phishy behaviour.
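One way to script the SSH key and email review described above. This is an added example, not code from the original article or from GitHub. It assumes you have already saved the JSON returned by GitHub's REST endpoints `GET /user/keys` and `GET /user/emails`; the allow-lists, cutoff date, key blobs and addresses below are constructed sample values.

```python
import base64
import hashlib
from datetime import datetime, timezone

def fingerprint(pubkey_line):
    """SHA256 fingerprint of an OpenSSH public key line, in ssh-keygen -l format."""
    blob = base64.b64decode(pubkey_line.split()[1])
    digest = hashlib.sha256(blob).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def review_account(keys, emails, known_fps, known_emails, since):
    """Return (kind, label) findings for keys and emails that need a closer look."""
    findings = []
    for k in keys:
        created = datetime.fromisoformat(k["created_at"].replace("Z", "+00:00"))
        if fingerprint(k["key"]) not in known_fps:
            findings.append(("ssh-key-unknown", k["title"]))
        elif created >= since:
            # Known key, but (re-)added inside the review window.
            findings.append(("ssh-key-recent", k["title"]))
    for e in emails:
        if e["email"] not in known_emails:
            findings.append(("email-unknown", e["email"]))
        elif not e["verified"]:
            findings.append(("email-unverified", e["email"]))
    return findings

def _fake_key(seed):
    # Constructed placeholder blob, not a real key; only the line format matters.
    return "ssh-ed25519 " + base64.b64encode(seed).decode() + " constructed"

# Constructed sample data shaped like the two API responses (fields trimmed).
KEYS = [
    {"title": "laptop", "key": _fake_key(b"laptop"), "created_at": "2019-06-01T10:00:00Z"},
    {"title": "ci-deploy", "key": _fake_key(b"ci-deploy"), "created_at": "2020-04-10T08:00:00Z"},
]
EMAILS = [
    {"email": "dev@example.com", "verified": True},
    {"email": "old@example.com", "verified": False},
    {"email": "fwd@example.net", "verified": True},
]

def demo():
    known_fps = {fingerprint(KEYS[0]["key"])}       # keys you recognise
    known_emails = {"dev@example.com", "old@example.com"}
    since = datetime(2020, 4, 1, tzinfo=timezone.utc)  # constructed cutoff
    return review_account(KEYS, EMAILS, known_fps, known_emails, since)

if __name__ == "__main__":
    for kind, label in demo():
        print(kind, label)
```

The fingerprints it computes use the same SHA256 form that `ssh-keygen -lf` prints, so the allow-list can be built from the public keys on your own machines.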


News URL

https://nakedsecurity.sophos.com/2020/04/17/github-users-targetted-by-sawfish-phishing-campaign/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Github 12 2 45 29 19 95