GitHub has recently revealed that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. The company has found no evidence that the password-protected certificates were used for malicious purposes. On December 6, 2022, repositories from Atom, Desktop, and other deprecated Github-owned organizations were cloned by a compromised Personal Access Token associated with a machine account. Once detected on December 7, 2022, GitHub's team immediately revoked the compromised credentials and began investigating potential impact to customers and internal systems. None of the affected repositories contained customer data. The company added that there is no risk to GitHub.com services due to this security breach and that no unauthorized changes were made to the affected projects. The compromised certificates will be revoked to invalidate the GitHub Desktop for Mac and Atom versions signed using them. One Digicert certificate expired on January 4, 2023 and the second will expire on February 1, 2023. Once expired, these certificates can no longer be used to sign code. While these will not pose an ongoing risk, as a preventative measure, GitHub will revoke them on February 2. The Apple Developer ID certificate is valid until 2027. The company is working with Apple to monitor for any new executable files signed with the exposed certificate until the certificate is revoked on February 2. GitHub has removed the latest two Atom app versions from the releases page and will revoke the Mac and Windows signing certificates used to sign Desktop app versions 3.0.2-3.1.2 and Atom versions 1.63.0-1.63.1 on February 2. Once the certificates are revoked, all app versions signed with the compromised certificates will no longer function. On January 4, 2023, a new version of the Desktop app was published, signed with new certificates that were not exposed to the threat actor. It is highly recommended to update Desktop and/or downgrade Atom before February 2 to avoid disruptions in workflows. Additionally, Riot Games recently received a ransom demand from hackers, refused to pay, and delayed game patches after a security breach. CloudSEK also claimed it was hacked by another cybersecurity firm. JD Sports reported that hackers stole data of 10 million customers, and Zacks Investment Research suffered a data breach affecting 820,000 clients.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Mon, 30 Jan 2023 18:28:02 +0000