Cyber security news for all


    A vulnerability in GitHub allows mails to be redirected

    GitHub has issued security warnings in a short period of time, one of which relates generally to Git version management and the second relates to phishing emails to platform users. Both attack vectors can be dealt with by the measures offered.

    There is an update for Git, and clicking on a link to a log in page in a mail that appears to be trustworthy, but it is unclear.

    The attackers can inject any data into the protocol stream of the credential helper program using specially tailored URLs that contain a line break. The latter then carries out an HTTP request to the credentials instead of the original server. The server names can be any, so that attackers can redirect the request to each host.

    GitHub Also Warns Of A Current Phishing Attack Wave

    This at first glance uses fake emails and different tactics. The emails come from legitimate domains. The attackers fetch the email addresses from public commits and disguise the redirection to the target website, sometimes several times, using redirects and short URL services.

    Those who use hardware security keys are on the safe side, but the attackers redirect codes in real time and use them immediately. The attackers then frequently download the contents of the repositories directly. In addition, they create personal access tokens in hacked accounts or enable access to applications so that they can be accessed even after the password has been changed by the legitimate users.

    Clicking on links to a log-in page is unclear even with the most serious looking emails. If you are unsure about the supposed changes to the account, you should choose the direct route. If it is already too late, users will definitely have to change their password directly and check their personal access tokens.

    Recent Articles

    Russian Cybercriminal Behind “Cardplanet” Site Sentenced

    According to the United States Department of Justice, a Russian cybercriminal, Aleksey Burkov, 30—who operated Cardplanet site: a site that trafficked stolen card details—has...

    Hackers Used Malicious Docker Images to Mine Monero

    Researchers found malicious images on Docker Hub used for crypto mining. Palo Alto Networks' Unit  42, unraveled a crypto mining scheme which uses malicious Docker...

    NSA outlines requirements for secure collaboration services for US government telework

    The new National Security Agency (NSA) guidelines are a window of security for users. Everyone has been trying to return to their lives since...

    Cybercriminals threaten to sell off “scandalous” files swiped from Mariah Carey, Nicki Minaj, Puff Daddy’s legal eagles

    There's no escaping these cybercriminals. In a recent case of "cyber-extortion," threat actors known as REvil, are threatening to expose celebrity "dirt." These threat actors...

    Twitter apologises for exposed customers data

    In what is described as a "data security incident," sensitive details of Twitter's customers were exposed. Unlike other cases of a breach which are...

    Related Stories

    Leave A Reply

    Please enter your comment!
    Please enter your name here

    Stay on op - Ge the daily news in your inbox