1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • A mystery hacker is smuggling data out of private code repositori

    From TechnologyDaily@1337:1/100 to All on Mon Apr 18 14:45:03 2022
    A mystery hacker is smuggling data out of private code repositories, GitHub warns

    Date:
    Mon, 18 Apr 2022 13:37:10 +0000

    Description:
    Multiple OAuth applications have been affected, GitHub's CSO says.

    FULL STORY ======================================================================

    An unknown threat actor is harvesting data from private code repositories, with the help of stolen OAuth user tokens issued to Heroku and Travic-CI.

    As reported by GitHub, by last Tuesday, the threat actor managed to steal
    data from dozens of victims".

    "The applications maintained by these integrators were used by GitHub users, including GitHub itself," said Mike Hanley, Chief Security Officer at GitHub.

    Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 . Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey to get the bookazine, worth $10.99/10.99. No credentials stolen

    Hanley went on to explain that the attacker did not obtain these tokens as a result of a breach at GitHub, which did not store the stolen tokens in their original, usable format.

    "Our analysis of other behavior by the threat actor suggests that the actors may be mining the downloaded private repository contents, to which the stolen OAuth token had access, for secrets that could be used to pivot into other infrastructure," he added.

    Hanley said affected OAuth applications include Heroku Dashboard (ID: 145909 and ID: 628778), Heroku Dashboard Preview (ID: 313468), Heroku Dashboard Classic (ID: 363831), and Travis CI (ID: 9216).

    The attacker was spotted on April 12, when they tried to use a compromised
    AWS API key to access GitHubs npm production infrastructure. Its speculated that the attacker found the API key when downloading multiple private npm repositories. Read more

    GitHub is making it easier to manage all your company's accounts


    Searching through your code just got easier in GitHub


    All GitHub features are now free for everyone

    "Upon discovering the broader theft of third-party OAuth tokens not stored by GitHub or npm on the evening of April 13, we immediately took action to protect GitHub and npm by revoking tokens associated with GitHub and npms internal use of these compromised applications," Hanley further explained.

    Whoever was behind the attack managed to steal data from affected repositories, but most likely was not able to modify the packages, or obtain identity data, or account passwords .

    "npm uses completely separate infrastructure from GitHub.com; GitHub was not affected in this original attack," Hanley said. "Though investigation continues, we have found no evidence that other GitHub-owned private repos were cloned by the attacker using stolen third-party OAuth tokens." Want to avoid such a disaster? Check out the best disaster recovery services here

    Via BleepingComputer



    ======================================================================
    Link to news story: https://www.techradar.com/news/hackers-are-smuggling-data-out-of-private-code- repositories-github-warns/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)