GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to verify it was developed by the listed organization, which in this case is GitHub. If decrypted, the certificates could allow an attacker to sign unofficial versions of the apps that had been maliciously tampered with and pass them off as legitimate updates from GitHub. Current versions of Desktop and Atom are unaffected by the credential theft. "A set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected and we have no evidence of malicious use," the company wrote in an advisory. "As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications." The revocations, which will be effective on Thursday, will cause certain versions of the apps to stop working. On January 4, GitHub published a new version of the Desktop app that's signed with new certificates that were not exposed to the threat actor. One compromised certificate expired on January 4, and another is set to expire on Thursday. Revoking these certificates provides protection if they were used before expiration to sign malicious updates. Without the revocation, such apps would pass the signature check. The revocation has the effect of making all code fail the signature check, no matter when it was signed. A third affected certificate, an Apple Developer ID certificate, isn't set to expire until 2027. GitHub will revoke this certificate on Thursday as well. In the meantime, GitHub said, "We are working with Apple to monitor for any new executable files signed with the exposed certificate." On December 6, GitHub said, the threat actor used a compromised personal access token to clone repositories for Desktop, Atom, and other deprecated GitHub-owned organizations. GitHub revoked the PAT a day later after discovering the breach. None of the cloned repositories contained customer data. The advisory didn't explain how the PAT was compromised. Included in the repositories were "Several encrypted code signing certificates" customers could use when working with Desktop or Atom. There's no evidence that the threat actor could decrypt or use any of the certificates. "We investigated the contents of the compromised repositories and found no impact to GitHub.com or any of our other offerings outside of the specific certificates noted above," the advisory stated. "No unauthorized changes were made to the code in these repositories."

This Cyber News was published on packetstormsecurity.com. Publication date: Wed, 01 Feb 2023 19:26:55 +0000


Cyber News related to GitHub says hackers cloned code-signing certificates in breached repository

Beware of Expired or Compromised Code Signing Certificates - One of the vital security measures taken in this direction is the use of code signing certificates to prove software authenticity, integrity and security. Code signing certificates, used for digitally signing applications and software, are an ...
11 months ago Securityboulevard.com
GitHub says hackers cloned code-signing certificates in breached repository - GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing certificates place a cryptographic stamp on code to ...
1 year ago Packetstormsecurity.com
GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
1 year ago Nakedsecurity.sophos.com
GitHub Security Breach: Hackers Stole Code-Signing Certificates for GitHub Desktop and Atom - GitHub revealed on Monday that unknown hackers managed to steal encrypted code signing certificates related to some versions of GitHub Desktop for Mac and Atom apps. As a precaution, the company is revoking the exposed certificates. Versions 1.63.0 ...
1 year ago Thehackernews.com
Hackers Stole GitHub Desktop and Atom Code-Signing Certificates - Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications. The company is taking the precautionary action of canceling ...
1 year ago Heimdalsecurity.com
GitHub Reports Code-Signing Certificate Theft in Security Breach - Although attackers exfiltrated a set of encrypted code-signing certificates, these were password-protected, so there is no possibility of malicious use. GitHub revealed that on December 7th, 2022, hackers had gained unauthorized access to several of ...
1 year ago Hackread.com
GitHub Revokes Compromised Code Signing Certificates After Repo Hack - GitHub has recently revealed that unknown attackers have stolen encrypted code-signing certificates for its Desktop and Atom applications after gaining access to some of its development and release planning repositories. The company has found no ...
1 year ago Bleepingcomputer.com
AnyDesk says hackers breached its production servers, reset passwords - AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk ...
9 months ago Bleepingcomputer.com
CVE-2021-32724 - check-spelling is a github action which provides CI spell checking. In affected versions and for a repository with the [check-spelling action](https://github.com/marketplace/actions/check-spelling) enabled that triggers on `pull_request_target` (or ...
3 years ago
Signing Executables With Azure DevOps - This signing tool is compatible with all major executable files and works impeccably with all OV and EV code signing certificates. It's mostly used with Azure DevOps due to the benefit of Azure Key Vault. Here, you will undergo the complete procedure ...
10 months ago Feeds.dzone.com
AnyDesk says hackers breached its production servers, resets passwords - AnyDesk confirmed today that it suffered a recent cyberattack that allowed hackers to gain access to the company's production systems. BleepingComputer has learned that source code and private code signing keys were stolen during the attack. AnyDesk ...
9 months ago Bleepingcomputer.com
Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
10 months ago Securityboulevard.com
The role of certificate lifecycle automation in enterprise environments - Learn about PKI automation and its role in managing the growing complexity of digital identities and certificates. Digital certificates form a strong foundation for our modern digital landscape and at the root of these certificates: PKI. Public key ...
6 months ago Securityboulevard.com
Tensorflow Supply Chain Compromise via Self-Hosted Runner Attack - Let's say TensorFlow wants to run a set of tests when a GitHub user submits a pull request. TensorFlow can define these tests in a yaml workflow file, used by GitHub Actions, and configure the workflow to run on the `pull request` trigger. One type ...
9 months ago Securityboulevard.com
Adding OpenSSL Generated Certificates to Your Server: A Comprehensive Guide - Utilizing SSL/TLS certificates to encrypt data transferred between your server and clients is one of the fundamental components of server security. The process of adding OpenSSL-generated certificates to your server will be covered in detail in this ...
9 months ago Feeds.dzone.com
APT Hackers Abusing GitHub - Hackers use GitHub to access and manipulate source code repositories. GitHub hosts open-source projects, and unauthorized access allows hackers to inject malicious code, steal sensitive information, and exploit vulnerabilities in software development ...
9 months ago Cybersecuritynews.com
CVE-2021-32638 - Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token ...
2 years ago
GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks - Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, ...
9 months ago Securityboulevard.com
CVE-2023-30853 - Gradle Build Action allows users to execute a Gradle Build in their GitHub Actions workflow. A vulnerability impacts GitHub workflows using the Gradle Build Action prior to version 2.4.2 that have executed the Gradle Build Tool with the configuration ...
1 year ago
Strengthening Cybersecurity: The Role of Digital Certificates and PKI in Authentication - Data protection remains integral in our wide digital world. This has been possible because of the increasing awareness amidst enterprises, small and large, across industries on the paramount need for the protection of sensitive data, securing digital ...
9 months ago Feeds.dzone.com
Former Uber CISO Speaks Out, After 6 Years, on Data Breach, SolarWinds - Joe Sullivan arrived at his sentencing hearing on May 4 this year, prepared to go to jail had the judge not gone with a parole board's recommendation of probation. A federal jury convicted the former Uber CISO months earlier on two charges of fraud ...
11 months ago Darkreading.com
Over 12 million auth secrets and keys leaked on GitHub in 2023 - GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. The exposed secrets include account passwords, API keys, ...
7 months ago Bleepingcomputer.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
11 months ago Darkreading.com
3 Ways to Stop Unauthorized Code From Running in Your Network - According to Deloitte, more than 50% of organizations plan to incorporate AI and automation technologies in 2023. One thing that needs to be watched very closely is the development of code using AI tools. Many organizations are turning to ...
11 months ago Darkreading.com
Russian hackers use Ngrok feature and WinRAR exploit to attack embassies - After Sandworm and APT28, another state-sponsored Russian hacker group, APT29, is leveraging the CVE-2023-38831 vulnerability in WinRAR for cyberattacks. APT29 is tracked under different names and has been targeting embassy entities with a BMW car ...
11 months ago Bleepingcomputer.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)