GitHub has issued security warnings in a short period of time, one of which relates generally to Git version management and the second relates to phishing emails to platform users. Both attack vectors can be dealt with by the measures offered.
There is an update for Git, and clicking on a link to a log in page in a mail that appears to be trustworthy, but it is unclear.
The attackers can inject any data into the protocol stream of the credential helper program using specially tailored URLs that contain a line break. The latter then carries out an HTTP request to the credentials instead of the original server. The server names can be any, so that attackers can redirect the request to each host.
GitHub Also Warns Of A Current Phishing Attack Wave
This at first glance uses fake emails and different tactics. The emails come from legitimate domains. The attackers fetch the email addresses from public commits and disguise the redirection to the target website, sometimes several times, using redirects and short URL services.
Those who use hardware security keys are on the safe side, but the attackers redirect codes in real time and use them immediately. The attackers then frequently download the contents of the repositories directly. In addition, they create personal access tokens in hacked accounts or enable access to applications so that they can be accessed even after the password has been changed by the legitimate users.
Clicking on links to a log-in page is unclear even with the most serious looking emails. If you are unsure about the supposed changes to the account, you should choose the direct route. If it is already too late, users will definitely have to change their password directly and check their personal access tokens.
