Security News

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth app tokens issued to Heroku and Travis-CI to breach GitHub.com customer accounts with authorized Heroku or Travis CI OAuth app integrations.

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company said in an updated post. The incident originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis-CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims.

GitHub says it notified all organizations believed to have had data stolen from their private repositories by attackers abusing compromised OAuth user tokens issued to Heroku and Travis-CI. "As of 9:30 PM UTC on April 18, 2022, we've notified victims of this campaign whom we have identified as having repository contents downloaded by an unauthorized party through abuse of third-party OAuth user tokens maintained by Heroku and Travis CI," the company revealed in an update to the original statement. "We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems, because the tokens in question are not stored by GitHub in their original, usable formats which could be abused by an attacker," GitHub said.

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM," GitHub's Mike Hanley disclosed in a report.

GitHub revealed today that an attacker is using stolen OAuth user tokens to download data from private repositories. "The applications maintained by these integrators were used by GitHub users, including GitHub itself," revealed today Mike Hanley, Chief Security Officer at GitHub.

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.

GitHub has announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.

A malicious developer could harvest Facebook data using the same access method, because Facebook is exposing a plain-text token that grants what security researcher Zach Edwards describes as "God mode." The request returns an access token to the extension for the logged-in Facebook user, allowing further programmatic interactions with Facebook data.

Misconfigurations in smart contracts are being exploited by scammers to create malicious cryptocurrency tokens with the goal of stealing funds from unsuspecting users. Smart contracts are programs stored on the blockchain that are automatically executed when predetermined conditions are met according to the terms of a contract or an agreement.

You don't have to log into the network to use the phone - it happens in the background via the SIM. Moreover, the mobile subscriber identity is one of the most widely used forms of digital identity. Firstly, it merely proves the user has access to a phone number, potentially through social engineering, not possession of a physical security token / device.