Security News

A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to gain administrator privileges on the machine. [...]

A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organizations' cloud environments."A combination of misconfigurations and security flaws can make artifacts leak tokens, both of third party cloud services and GitHub tokens, making them available for anyone with read access to the repository to consume," Palo Alto Networks Unit 42 researcher Yaron Avital said in a report published this week.

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD...

The possibility to integrate security in development processes has given rise to DevSecOps, where development and operations teams work together with security teams and all their processes are converged. The incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year.

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

"This network not only distributes malware but also provides various other activities that make these 'Ghost' accounts appear as normal users, lending fake legitimacy to their actions and the associated repositories." These include accounts that serve the phishing repository template, accounts providing the image for the phishing template, and accounts that push malware to the repositories in the form of a password-protected archive masquerading as cracked software and game cheats.

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware. The first account serves the "Phishing" repository template; The second account provides the "Image" used for the phishing template; The third account serves malware as a password-protected archive in a Release.

Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories and from deleted copies of repositories isn't necessarily deleted. The firm showed how one can fork a repository, commit data to it, delete the fork, and then access the supposedly deleted commit data via the original repository.

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies.

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network and it utilizes GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.