Security News

Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens through GitHub Actions artifacts in CI/CD...

The ability to integrate security into development processes has given rise to DevSecOps, in which development and operations teams work together with security teams and all their processes converge. Incidents affecting GitHub users in 2023 increased by over 21% compared to the previous year.

Cybersecurity researchers from JFrog recently discovered a GitHub Personal Access Token in a public Docker container hosted on Docker Hub, which granted elevated access to the GitHub repositories of the Python language, Python Package Index, and the Python Software Foundation. The implications of someone finding this leaked token could be extremely severe.

"This network not only distributes malware but also provides various other activities that make these 'Ghost' accounts appear as normal users, lending fake legitimacy to their actions and the associated repositories." These include accounts that serve the phishing repository template, accounts providing the image for the phishing template, and accounts that push malware to the repositories in the form of a password-protected archive masquerading as cracked software and game cheats.

Infosec researchers have discovered a network of over three thousand malicious GitHub accounts used to spread malware, targeting groups including gamers, malware researchers, and even other threat actors who themselves seek to spread malware. The first account serves the "Phishing" repository template; the second account provides the "Image" used for the phishing template; the third account serves malware as a password-protected archive in a Release.

Researchers at Truffle Security have found, or arguably rediscovered, that data from deleted GitHub repositories and from deleted copies of repositories isn't necessarily deleted. The firm showed how one can fork a repository, commit data to it, delete the fork, and then access the supposedly deleted commit data via the original repository.

GitHub is an immensely popular platform, with over 100 million developers and over 90% of Fortune 100 companies utilizing it. Despite its widespread use, many GitHub Actions workflows remain insecure, often due to excessive privileges or high-risk dependencies.

Threat actors known as 'Stargazer Goblin' have created a malware Distribution-as-a-Service from over 3,000 fake accounts on GitHub that push information-stealing malware. The malware delivery service is called Stargazers Ghost Network, and it uses GitHub repositories along with compromised WordPress sites to distribute password-protected archives that contain malware.

Check Point researchers have unearthed an extensive network of GitHub accounts that they believe provides malware and phishing link Distribution-as-a-Service. Set up and operated by a threat group...

The report found the GitHub Actions marketplace's security posture to be especially concerning, with most custom Actions not verified, maintained by one developer, or generating low security scores based on OpenSSF Scorecard. Insecure GitHub Actions could allow attackers to compromise open source and initiate supply chain attacks, or use them as an initial attack vector into organizations that use GitHub.