GitHub Revokes Compromised Code Signing Certificates After Repo Hack

GitHub has recently revealed that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. The company has found no evidence that the password-protected certificates were used for malicious purposes. On December 6, 2022, repositories from Atom, Desktop, and other deprecated Github-owned organizations were cloned by a compromised Personal Access Token associated with a machine account. Once detected on December 7, 2022, GitHub's team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems. None of the affected repositories contained customer data. The company added that there is no risk to GitHub.com services due to this security breach and that no unauthorized changes were made to the affected projects. The compromised certificates will be revoked to invalidate the GitHub Desktop for Mac and Atom versions signed using them. One Digicert certificate expired on January 4, 2023 and the second will expire on February 1, 2023. Once expired, these certificates can no longer be used to sign code. While these will not pose an ongoing risk, as a preventative measure, GitHub will revoke them on February 2. The Apple Developer ID certificate is valid until 2027. The company is working with Apple to monitor for any new executable files signed with the exposed certificate until the certificate is revoked on February 2. GitHub has removed the latest two Atom app versions from the releases page and will revoke the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1 on February 2. Once the certificates are revoked, all app versions signed with the compromised certificates will no longer function. On January 4, 2023, a new version of the Desktop app was published, signed with new certificates that were not exposed to the threat actor. It is highly recommended to update Desktop and/or downgrade Atom before February 2 to avoid disruptions in workflows. Additionally, Riot Games recently received a ransom demand from hackers, refused to pay, and delayed game patches after a security breach. CloudSEK also claimed it was hacked by another cybersecurity firm. JD Sports reported that hackers stole data of 10 million customers, and Zacks Investment Research suffered a data breach affecting 820,000 clients.

This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 30 Jan 2023 18:28:02 +0000


Cyber News related to GitHub Revokes Compromised Code Signing Certificates After Repo Hack

Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
1 year ago Securityboulevard.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
1 year ago Nakedsecurity.sophos.com
GitHub Revokes Compromised Code Signing Certificates After Repo Hack - GitHub has recently revealed that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. The company has found no ...
1 year ago Bleepingcomputer.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
1 year ago Packetstormsecurity.com
GitHub Security Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom - GitHub revealed on Monday that unknown hackers managed to steal encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom apps. As a precaution, the company is revoking the exposed certificates. Versions 1.63.0 ...
1 year ago Thehackernews.com
Hackers Stole GitHub Desktop and Atom Code-Signing Certificates - Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. The company is taking the precautionary action of canceling ...
1 year ago Heimdalsecurity.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
1 year ago Hackread.com
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
11 months ago Feeds.dzone.com
The role of certificate lifecycle automation in enterprise environments - Learn about PKI automation and its role in managing the growing complexity of digital identities and certificates. Digital certificates form a strong foundation for our modern digital landscape and at the root of these certificates: PKI. Public key ...
7 months ago Securityboulevard.com
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
11 months ago Securityboulevard.com
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
10 months ago Feeds.dzone.com
Congressman Coming for Answers After No-Fly List Hack - U.S. Congressman Bennie Thompson is demanding answers from airlines and the federal government after a "massive hack" of the no-fly list. The congressman sent a letter to the airlines and the Department of Homeland Security asking for an explanation ...
1 year ago Therecord.media
Hack The Box Launches 5th Annual University CTF Competition - PRESS RELEASE. Hack The Box, the leading gamified cybersecurity upskilling, certification, and talent assessment platform, is announcing its fifth annual global University Capture The Flag competition that will take place from December 8 to 10, 2023. ...
1 year ago Darkreading.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
1 year ago Darkreading.com
Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication - Data protection remains integral in our wide digital world. This has been possible because of the increasing awareness amidst enterprises, small and large, across industries on the paramount need for the protection of sensitive data, securing digital ...
10 months ago Feeds.dzone.com
GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks - Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, ...
10 months ago Securityboulevard.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
1 year ago Darkreading.com
AnyDesk says hackers breached its production servers, resets passwords - AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk ...
10 months ago Bleepingcomputer.com
CVE-2021-32638 - Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token ...
2 years ago
CVE-2024-53858 - The gh cli is GitHub’s official command line tool. A security vulnerability has been identified in the GitHub CLI that could leak authentication tokens when cloning repositories containing `git` submodules hosted outside of GitHub.com and ghe.com. ...
1 week ago Tenable.com
CVE-2024-27916 - Minder is a software supply chain security platform. Prior to version 0.0.33, a Minder user can use the endpoints `GetRepositoryByName`, `DeleteRepositoryByName`, and `GetArtifactByName` to access any repository in the database, irrespective of who ...
8 months ago
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
1 year ago
GitHub rotates keys to mitigate impact of credential-exposing flaw - GitHub rotated keys potentially exposed by a vulnerability patched in December that could let attackers access credentials within production containers via environment variables. This unsafe reflection vulnerability can allow attackers to gain remote ...
10 months ago Bleepingcomputer.com
GitHub warns users to enable 2FA before upcoming deadline - GitHub is warning users that they will soon have limited functionality on the site if they do not enable two-factor authentication on their accounts. In emails sent to GitHub users on Christmas Eve, the company warned that all users contributing code ...
11 months ago Bleepingcomputer.com
CVE-2022-24731 - Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. Argo CD starting with version 1.5.0 but before versions 2.1.11, 2.2.6, and 2.3.0 is vulnerable to a path traversal vulnerability, allowing a malicious user with read/write ...
2 years ago

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)