TeqGo.com
No Result
View All Result
No Result
View All Result
TeqGo.com
No Result
View All Result
Home Computer

GitHub says hackers cloned code-signing certificates in breached repository

Staff by Staff
January 30, 2023
in Computer
0
GitHub says hackers cloned code-signing certificates in breached repository
467
SHARES
1.5k
VIEWS
Share on FacebookShare on Twitter


GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom.

Code-signing certificates place a cryptographic stamp on code to verify it was developed by the listed organization, which in this case is GitHub. If decrypted, the certificates could allow an attacker to sign unofficial versions of the apps that had been maliciously tampered with and pass them off as legitimate updates from GitHub. Current versions of Desktop and Atom are unaffected by the credential theft.

“A set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected and we have no evidence of malicious use,” the company wrote in an advisory. “As a preventative measure, we will revoke the exposed certificates used for the GitHub Desktop and Atom applications.”

The revocations, which will be effective on Thursday, will cause certain versions of the apps to stop working. Those apps are:

GitHub Desktop for Mac with the following versions:

  • 3.1.2
  • 3.1.1
  • 3.1.0
  • 3.0.8
  • 3.0.7
  • 3.0.6
  • 3.0.5
  • 3.0.4
  • 3.0.3
  • 3.0.2

Atom:

Desktop for Windows is unaffected.

On January 4, GitHub published a new version of the Desktop app that’s signed with new certificates that were not exposed to the threat actor. Users of Desktop should update to this new version.

Advertisement

One compromised certificate expired on January 4, and another is set to expire on Thursday. Revoking these certificates provides protection if they were used before expiration to sign malicious updates. Without the revocation, such apps would pass the signature check. The revocation has the effect of making all code fail the signature check, no matter when it was signed.

A third affected certificate, an Apple Developer ID certificate, isn’t set to expire until 2027. GitHub will revoke this certificate on Thursday as well. In the meantime, GitHub said, “We are working with Apple to monitor for any new executable files (like applications) signed with the exposed certificate.”

On December 6, GitHub said, the threat actor used a compromised personal access token (PAT) to clone repositories for Desktop, Atom, and other deprecated GitHub-owned organizations. GitHub revoked the PAT a day later after discovering the breach. None of the cloned repositories contained customer data. The advisory didn’t explain how the PAT was compromised.

Included in the repositories were “several encrypted code signing certificates” customers could use when working with Desktop or Atom. There’s no evidence that the threat actor could decrypt or use any of the certificates.

“We investigated the contents of the compromised repositories and found no impact to GitHub.com or any of our other offerings outside of the specific certificates noted above,” the advisory stated. “No unauthorized changes were made to the code in these repositories.”



Source link

Previous Post

How To Add Subscribe Animation To YouTube Video

Next Post

New Nintendo Switch App Turns Console Into a Mini-Tablet

Next Post
New Nintendo Switch App Turns Console Into a Mini-Tablet

New Nintendo Switch App Turns Console Into a Mini-Tablet

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recommended.

Washington Technology Industry Association lays off 14% of staff – GeekWire

Washington Technology Industry Association lays off 14% of staff – GeekWire

January 12, 2023
Point72's venture capital arm sees big opportunities in the Pacific Northwest – GeekWire

Point72’s venture capital arm sees big opportunities in the Pacific Northwest – GeekWire

January 7, 2023

Trending.

How To Delete GameStop Account – A Step By Step Guide

August 23, 2022

How To Create A Pokémon Trainer Club Account

August 23, 2022

Why is Ben Bailey leaving WDIV?

August 24, 2022

What happened to Andrew Humphrey on Channel 4 weather?

August 24, 2022

What is a 100000 year period called?

August 23, 2022
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com

No Result
View All Result
  • About us
  • Contact Us
  • Home
  • Privacy Policy and Disclaimer

© 2021-2023 Teqgo.com