GitHub Account Renaming Could Have Led to Supply Chain Attacks

By Ionut Arghire on October 27, 2022

Checkmarx warns that attackers could have exploited the renaming of popular GitHub accounts to create malicious repositories using the vacated name and launch software supply chain attacks.

The technique, dubbed RepoJacking, involves hijacking a renamed repository's traffic by breaking GitHub's redirection mechanism and routing that traffic to a malicious repository controlled by the attacker.

Every GitHub repository has a unique URL under the user account that created it and, whenever the repository is cloned, the full repository URL is used.

When a user changes their GitHub account username, the URL changes by replacing the old username with the new one, and the code-hosting platform automatically redirects users to the new URL (for example, github.com/username/repo becomes github.com/new-username/repo).

An attacker aware of the change could have hijacked the old URL's traffic by creating a GitHub account using the old username and then creating a repository matching the old repository's name, thus gaining control over the github.com/username/repo URL and breaking the default redirect.

"A GitHub repository is vulnerable to RepoJacking when its creator decides to rename his username while the old username is available for registration.
We have shown the coupling in the repository URLs between the repository name and the creator username, and this means attackers can create a new GitHub account having the same combination to match the old repository URL used by existing users," Checkmarx notes.

To prevent such attacks, GitHub implemented a mechanism to 'retire' repositories with over 100 clones at the time the user renames their account. However, GitHub would only consider the namespace, that is, the combination of username and repository name, as retired.

Thus, should a user decide to change their account's username, an attacker could still create a new GitHub account using the old username, but would not be allowed to create under it a repository with a name that matched a 'retired' combination.

What Checkmarx discovered was that the 'popular repository namespace retirement' security measure could be easily bypassed.

For that, an attacker would need to create a new GitHub account with an arbitrary name, create a repository with the name of the target repository, transfer ownership of the repository to a different account, then rename the second account to the old username of a recently renamed account.

Thus, they would gain control over the URL containing both the old username and the repository name of the targeted popular account, and could launch software supply chain attacks.

"Successful exploitation allows the takeover of popular code packages in several package managers, including 'Packagist', 'Go', 'Swift', and more.
We have identified over 10,000 packages in these package managers using renamed usernames and are prone to being vulnerable to this technique in case a new bypass is found," Checkmarx notes.

The software security company explains that the bypass could also allow attackers to take control of popular GitHub Actions that are consumed by specifying a GitHub namespace, which could lead to major supply chain attacks.

Checkmarx says it initially identified the namespace retirement security bypass in November 2021 and that GitHub has made several attempts to address it, with a complete patch rolled out in September 2022.

"The mechanism that was found vulnerable, the 'Popular repository namespace retirement', remains an attractive attack point for supply chain attackers in the future," Checkmarx says.

As a result, the company has released an open source tool to help identify packages that are at risk, warning that an attacker exploited a similar issue earlier this year to hijack and poison PHP packages that have millions of downloads.

Related: Timing Attacks Can Be Used to Check for Existence of Private NPM Packages
Related: GitHub Improves npm Account Security as Incidents Rise
Related: PyPI Served Malicious Version of Popular 'Ctx' Python Package
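As an added example, not code from the article, from Checkmarx's tool, or from GitHub, the following Python script applies the username/repository coupling described above to a dependency list: any dependency still pointing at an owner that GitHub now redirects elsewhere depends entirely on that redirect, and if the old username is unregistered the namespace can be claimed by anyone. The two lookups are passed in as callables so the script runs offline here; the sample URLs, account names and redirect table are all constructed. In a real scan, `resolve_redirect` would request github.com/<owner>/<repo> and read the final location, and `user_exists` would query GitHub's users API.

```python
"""Screen a dependency list for GitHub owners that have been renamed.

Added example (not Checkmarx's tool and not GitHub's own code). It applies
the rule the article describes: a repository URL couples the owner name and
the repository name, so a dependency that still points at a renamed owner
relies entirely on GitHub's redirect. Network lookups are injected as
callables so the script runs offline against constructed data.
"""
import re

# Accepts https:// and SSH-style clone URLs, with or without a .git suffix.
GITHUB_URL = re.compile(
    r"^(?:https?://github\.com/|git@github\.com:)([^/]+)/([^/]+?)(?:\.git)?/?$"
)


def parse_github_url(url):
    """Return (owner, repo) for a GitHub clone URL, or None for anything else."""
    match = GITHUB_URL.match(url.strip())
    return (match.group(1), match.group(2)) if match else None


def assess(url, resolve_redirect, user_exists):
    """Classify one dependency URL.

    ok                        owner in the URL is the current owner
    renamed-owner-free        owner was renamed and the old name is unregistered
    renamed-owner-registered  owner was renamed and someone holds the old name
    missing                   repository does not resolve at all
    not-github                URL is not a GitHub repository
    """
    parsed = parse_github_url(url)
    if parsed is None:
        return {"url": url, "status": "not-github"}
    owner, repo = parsed
    canonical = resolve_redirect(owner, repo)  # (owner, repo) or None on 404
    if canonical is None:
        return {"url": url, "status": "missing"}
    current_owner, current_repo = canonical
    # GitHub usernames are case-insensitive, so compare folded names.
    if current_owner.lower() == owner.lower():
        return {"url": url, "status": "ok"}
    finding = {
        "url": url,
        "current": f"https://github.com/{current_owner}/{current_repo}",
        "advice": "re-point the dependency at the current owner and pin a commit hash",
    }
    if user_exists(owner):
        # The old name is taken: the redirect survives only while that account
        # has no repository of the same name, so this needs manual review.
        finding["status"] = "renamed-owner-registered"
    else:
        finding["status"] = "renamed-owner-free"
    return finding


def scan(urls, resolve_redirect, user_exists):
    """Assess every URL in a dependency list and return the findings in order."""
    return [assess(u, resolve_redirect, user_exists) for u in urls]


# --- constructed sample data: no real accounts or repositories ---
SAMPLE_URLS = [
    "https://github.com/alice/widget",
    "git@github.com:old-bob/toolkit.git",
    "https://github.com/old-carol/lib",
    "https://github.com/dave/gone",
    "https://gitlab.com/erin/tool",
]

# Where github.com/<owner>/<repo> currently lands, keyed by the referenced name.
FAKE_REDIRECTS = {
    ("alice", "widget"): ("alice", "widget"),
    ("old-bob", "toolkit"): ("bob-renamed", "toolkit"),
    ("old-carol", "lib"): ("carol-renamed", "lib"),
}
# Usernames that are currently registered in the constructed world.
FAKE_USERS = {"alice", "bob-renamed", "carol-renamed", "old-carol"}


def fake_resolve_redirect(owner, repo):
    return FAKE_REDIRECTS.get((owner.lower(), repo.lower()))


def fake_user_exists(name):
    return name.lower() in FAKE_USERS


if __name__ == "__main__":
    for finding in scan(SAMPLE_URLS, fake_resolve_redirect, fake_user_exists):
        print(f"{finding['status']:26} {finding['url']}")
```

The `renamed-owner-free` finding is the one that maps directly to the article's precondition ("the old username is available for registration"); `renamed-owner-registered` is kept separate because the redirect still works until that account creates a repository with the same name, and the namespace retirement only covers repositories that had more than 100 clones at rename time, so both deserve a fix rather than reliance on the redirect.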