Users of GitHub Desktop and Atom must take action

Unidentified attackers reportedly gained access to some of GitHub's development and release-planning repositories and stole encrypted code-signing certificates for the company's Desktop and Atom applications.

“On December 7, 2022, GitHub detected unauthorized access to a set of repositories used in the planning and development of GitHub Desktop and Atom. After a thorough investigation, we have concluded there was no risk to GitHub.com services as a result of this unauthorized access and no unauthorized changes were made to these projects,” GitHub said.

A code-signing certificate binds a cryptographic signature over a binary to the publisher's identity, in this case GitHub, so that operating systems and users can confirm that the binary was produced by GitHub and has not been modified since it was signed. If the attackers were able to decrypt the stolen certificates, they could sign maliciously altered, unofficial builds of the apps and pass them off as genuine GitHub updates. The theft has no impact on the most recent versions of Desktop and Atom.

“However, several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. We have no evidence that the threat actor was able to decrypt or use these certificates.”

“We investigated the contents of the compromised repositories and found no impact to GitHub.com or any of our other offerings outside of the specific certificates noted above. No unauthorized changes were made to the code in these repositories.”

According to the reports, the repositories were cloned a day before the intrusion was detected, using a compromised personal access token (PAT) associated with a machine account. The compromised credentials have since been revoked, and none of the repositories contained customer data. GitHub has not disclosed how the token was compromised.

GitHub urges users to update Desktop and Atom to the latest release before February 2, 2023, when the affected certificates are revoked, to avoid disruptions to their workflows: builds signed with a revoked certificate will no longer pass signature validation, even though the binaries themselves were never altered.
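How a code-signing check behaves before and after a certificate is revoked, as an added example that is not part of the original article and is not GitHub's release tooling. It generates a throwaway self-signed certificate carrying the code-signing extended key usage, signs a constructed release artifact, and verifies it the way an installer or updater should: chain and validity-window check, code-signing EKU, a revocation list (a plain map standing in for a CRL or OCSP lookup, which Go's x509 package does not perform itself), then the signature over the artifact. The subject name, serial number, dates and artifact bytes are assumptions. The last two checks show the two consequences described above: a tampered build fails, and once the signer's serial is on the revocation list even a legitimately signed, unmodified build fails, which is the workflow disruption GitHub warned about.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/sha256"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// Signer holds a code-signing private key and its certificate.
// Demonstration type only; not GitHub's release tooling.
type Signer struct {
	Key  *ecdsa.PrivateKey
	Cert *x509.Certificate
}

// NewSigner creates a throwaway self-signed certificate carrying the
// Code Signing extended key usage, valid for one year from notBefore.
func NewSigner(notBefore time.Time) (*Signer, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber: big.NewInt(1001),                                        // assumed serial
		Subject:      pkix.Name{CommonName: "Example Desktop Release Signing"}, // assumed name
		NotBefore:    notBefore,
		NotAfter:     notBefore.Add(365 * 24 * time.Hour),
		KeyUsage:     x509.KeyUsageDigitalSignature,
		ExtKeyUsage:  []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &Signer{Key: key, Cert: cert}, nil
}

// Sign returns an ASN.1-encoded ECDSA signature over SHA-256(artifact).
func (s *Signer) Sign(artifact []byte) ([]byte, error) {
	digest := sha256.Sum256(artifact)
	return ecdsa.SignASN1(rand.Reader, s.Key, digest[:])
}

// Verify checks a signed artifact the way an installer or updater should:
// the signing cert must chain to the trusted root at time now, must be
// usable for code signing, must not be revoked, and the signature must
// match the artifact. revoked maps certificate serial numbers to true and
// stands in for a CRL/OCSP lookup.
func Verify(cert, root *x509.Certificate, artifact, sig []byte, revoked map[string]bool, now time.Time) error {
	roots := x509.NewCertPool()
	roots.AddCert(root)
	opts := x509.VerifyOptions{
		Roots:       roots,
		CurrentTime: now,
		KeyUsages:   []x509.ExtKeyUsage{x509.ExtKeyUsageCodeSigning},
	}
	if _, err := cert.Verify(opts); err != nil {
		return fmt.Errorf("certificate not valid for code signing at %s: %w", now.Format(time.RFC3339), err)
	}
	if revoked[cert.SerialNumber.String()] {
		return errors.New("signing certificate has been revoked")
	}
	pub, ok := cert.PublicKey.(*ecdsa.PublicKey)
	if !ok {
		return errors.New("unsupported signing key type")
	}
	digest := sha256.Sum256(artifact)
	if !ecdsa.VerifyASN1(pub, digest[:], sig) {
		return errors.New("signature does not match artifact")
	}
	return nil
}

func main() {
	issued := time.Date(2022, 12, 1, 0, 0, 0, 0, time.UTC) // assumed issue date
	signer, err := NewSigner(issued)
	if err != nil {
		panic(err)
	}
	release := []byte("constructed release artifact, not a real installer")
	sig, _ := signer.Sign(release)
	check := time.Date(2023, 1, 15, 0, 0, 0, 0, time.UTC) // assumed verification time

	fmt.Println("genuine build:   ", Verify(signer.Cert, signer.Cert, release, sig, nil, check))
	tampered := append([]byte{}, release...)
	tampered[0] ^= 0x01 // flip one bit, as a trojaned update would change the bytes
	fmt.Println("tampered build:  ", Verify(signer.Cert, signer.Cert, tampered, sig, nil, check))
	revoked := map[string]bool{signer.Cert.SerialNumber.String(): true}
	fmt.Println("after revocation:", Verify(signer.Cert, signer.Cert, release, sig, revoked, check))
}
```

The revocation check is deliberately placed before the signature check: a valid signature from a revoked certificate is exactly the case the revocation exists to reject, so an updater that verified the signature first and treated revocation as advisory would still accept an attacker-signed build.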

Sources

https://www.bleepingcomputer.com/news/security/github-revokes-code-signing-certificates-stolen-in-repo-hack/

https://thehackernews.com/2023/01/github-breach-hackers-stole-code.html

May 21st, 2024
