October 3, 2023

Researchers have spotted thousands of open-source code repositories on GitHub that could be vulnerable to an old exploit.

Researchers analysed millions of GitHub code repositories and found that almost 3% were vulnerable to an attack called repojacking. The bad actors could take control over an entire GitHub project.

Organizations that own these projects change their name and then create links to maintain the older account name. This is a convenience feature to help developers, but attackers can weaponize it, If these attacks are successful, malware could be inserted into these repositories, threatening software supply chains.

Advertisements

Some of these accounts found belong to major companies, such as Google LLC and Lyft Inc. Researchers notified all vulnerable account holders before publicly disclosing their results. More than 36,000 vulnerable repositories in their sample of GitHub log histories from June 2019.

As a recommendation, organizations should establish a regular program to check their GitHub repositories for links that go to external accounts and make sure that naming conventions are valid. If you change your organization name, ensure that you still own the previous name as well, even as a placeholder, to prevent attackers from creating it.

This research was documented by researchers from Aqua Security.

Tags:

Leave a Reply

You may have missed

Industrial Control Systems and Vulnerability Management Process

October 2, 2023

McLaren Healthcare suffers a Ransomware Incident

October 2, 2023

TheCyberThrone CyberSecurity Newsletter Top 5 Articles – September, 2023

October 2, 2023

TheCyberThrone Security Week In Review – September 30, 2023

October 1, 2023

Mozilla fixes CVE-2023-5217 Vulnerability in its Products

September 30, 2023

CISA KEV Update Part III – September 2023

September 30, 2023
%d bloggers like this: