May 31, 2023

GitHub took steps to replace its RSA SSH host key used to secure Git operations after it was briefly exposed in a public repository.

The activity is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or eavesdropping on users’ operations over SSH.

The operations do not impact Web traffic to GitHub.com and Git operations performed via HTTPS. No change is required for ECDSA or Ed25519 users.

Advertisements

Git also said that there is no evidence that the exposed SSH private key was exploited by adversaries.

Git also clarified that the issue was not the result of a compromise of any GitHub systems or customer information. It blamed it on an inadvertent publishing of private information.

Due to this, users might see failed workflow runs if they are using actions/checkout with the ssh-key option, adding it’s in the process of updating the action across all tags.

The disclosure comes nearly two months after GitHub revealed that unknown threat actors managed to exfiltrate encrypted code signing certificates pertaining to some versions of GitHub Desktop for Mac and Atom apps.

Tags:

Leave a Reply

You may have missed

Mirai Bots Targeting IoT Devices

Mirai Bots Targeting IoT Devices

May 30, 2023
Watering hole attack from Tortoiseshell group

Watering hole attack from Tortoiseshell group

May 29, 2023
New TLD Based Phishing Campaign

New TLD Based Phishing Campaign

May 29, 2023
CrowdStrike strategy dominates MDR Market

CrowdStrike strategy dominates MDR Market

May 28, 2023
TheCyberThrone Security Week In Review–May 27, 2023

TheCyberThrone Security Week In Review–May 27, 2023

May 28, 2023
Zyxel Patches Critical Buffer Overflow Vulnerability

Zyxel Patches Critical Buffer Overflow Vulnerability

May 27, 2023
%d bloggers like this: