Security News

Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051)
2024-06-11 12:33

JetBrains has fixed a critical vulnerability that could expose users of its integrated development environments to GitHub access token compromise. CVE-2024-37051 is a vulnerability in the JetBrains GitHub plugin on the IntelliJ open-source platform, and affects all IntelliJ-based IDEs as of 2023.1 onwards that have it enabled and configured/in-use.

Gitloker attacks abuse GitHub notifications to push malicious oAuth apps
2024-06-10 22:24

Threat actors impersonate GitHub's security and recruitment teams in phishing attacks to hijack repositories using malicious OAuth apps in an ongoing extortion campaign wiping compromised repos. Many GitHub users who have fallen victim to these attacks also report having their accounts disabled and losing access to all repos-likely after other victims reported them for being abused to push comment spam.

New York Times source code stolen using exposed GitHub token
2024-06-08 17:10

Internal source code and data belonging to The New York Times was leaked on the 4chan message board after being stolen from the company's GitHub repositories in January 2024, The Times confirmed to BleepingComputer. "Basically all source code belonging to The New York Times Company, 270GB," reads the 4chan forum post.

New Gitloker attacks wipe GitHub repos in extortion scheme
2024-06-06 17:53

The threat actor behind this campaign-who has the Gitloker handle on Telegram and is posing as a cyber incident analyst-is likely compromising targets' GitHub accounts using stolen credentials. "I hope this message finds you well. This is an urgent notice to inform you that your data has been compromised, and we have secured a backup," the ransom notes read. When BleepingComputer contacted GitHub earlier today for more details regarding the Gitloker extortion campaign, a spokesperson was not immediately available for comment.

GitHub fixes maximum severity Enterprise Server auth bypass bug (CVE-2024-4985)
2024-05-23 10:13

A critical, 10-out-of-10 vulnerability allowing unrestricted access to vulnerable GitHub Enterprise Server instances has been fixed by Microsoft-owned GitHub. There is a catch that may narrow down the pool of potential victims: instances are vulnerable to attack only if they use SAML single sign-on authentication AND have the encrypted assertions feature enabled.

GitHub Enterprise Server patches 10-outta-10 critical hole
2024-05-22 07:31

Your profile can be used to present content that appears more relevant based on your possible interests, such as by adapting the order in which content is shown to you, so that it is even easier for you to find content that matches your interests. Content presented to you on this service can be based on your content personalisation profiles, which can reflect your activity on this or other services, possible interests and personal aspects.

Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
2024-05-21 16:16

GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked...

GitHub warns of SAML auth bypass flaw in Enterprise Server
2024-05-21 15:01

GitHub has fixed a maximum severity (CVSS v4 score: 10.0) authentication bypass vulnerability tracked as CVE-2024-4986, which impacts GitHub Enterprise Server (GHES) instances using SAML single...

Cyber Criminals Exploit GitHub and FileZilla to Deliver Malware Cocktail
2024-05-20 09:26

A "multi-faceted campaign" has been observed abusing legitimate services like GitHub and FileZilla to deliver an array of stealer malware and banking trojans such as Atomic (aka AMOS), Vidar,...

Using Legitimate GitHub URLs for Malware
2024-04-22 15:26

The attacker is exploiting a property of GitHub: comments to a particular repo can contain files, and those files will be associated with the project in the URL. What this means is that someone can upload malware and "Attach" it to a legitimate and trusted project. As the file's URL contains the name of the repository the comment was created in, and as almost every software company uses GitHub, this flaw can allow threat actors to develop extraordinarily crafty and trustworthy lures.