GitHub picks Friday 13th to kill off password-based Git authentication
If your Git operations with GitHub start failing on Friday, August 13, it may well be because you're still using password authentication, and you need to change that.
In December, the source-code-hosting giant warned it would end password-based authentication for Git pushes and the like.
You'll need to use authentication tokens to complete your Git operations with GitHub.
In July, Microsoft patched CVE-2021-34473, an ACL bypass hole in Exchange Server, and CVE-2021-34523, an elevation-of-privilege flaw in the Exchange PowerShell backend; in May, it patched CVE-2021-31207, an Exchange Server security feature bypass vulnerability.
Now, as spotted by security experts and Bleeping Computer, scumbags are scanning the internet for vulnerable Exchange servers, seemingly in the hope of backdooring them using ProxyShell exploit code, most likely with the intent of running ransomware, pivoting to other machines on the network, and/or exfiltrating information.
The related ProxyLogon exploit chain was also used to inject ransomware into unpatched Microsoft Exchange servers.
News URL
https://go.theregister.com/feed/www.theregister.com/2021/08/12/git_proxyshell_gigabyte/
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-07-14 | CVE-2021-34523 | Improper Authentication vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Elevation of Privilege Vulnerability | 9.0 |
2021-07-14 | CVE-2021-34473 | Server-Side Request Forgery (SSRF) vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Remote Code Execution Vulnerability | 9.1 |
2021-05-11 | CVE-2021-31207 | Unrestricted Upload of File with Dangerous Type vulnerability in Microsoft Exchange Server 2013/2016/2019 Microsoft Exchange Server Security Feature Bypass Vulnerability | 6.6 |