Chủ Nhật, Tháng Hai 5, 2023
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
NATuts
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
No Result
View All Result
NATuts
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z
No Result
View All Result
NATuts
No Result
View All Result
Home Tech

GitHub Says Hackers Infiltrated Dozens of Organizations Using Stolen OAuth Access Tokens

16 Tháng Tư, 2022
in Tech
0
GitHub Says Hackers Infiltrated Dozens of Organizations Using Stolen OAuth Access Tokens
585
SHARES
3.2k
VIEWS
Share on FacebookShare on Twitter

Các bài viết liên quan:

How to get travel insurance

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023
5 Best Software to Stream Games

5 Best Software to Stream Games

2 Tháng Một, 2023
IBM Bridge To Cloud For Power

IBM Bridge To Cloud For Power- Everything You Should Know

2 Tháng Một, 2023
Top 10 CRM Software For Construction 

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
What Is IBM Software

What Is IBM Software? 4 Business Segments at IBM You Should Know

26 Tháng Mười Hai, 2022

OAuth Access Token

Cloud-based repository hosting service GitHub revealed on Friday that it discovered evidence of an unnamed adversary taking advantage of stolen OAuth user tokens to download unauthorized personal data from a number of organizations.

“An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM.” , GitHub’s Mike Hanley revealed in a report.

OAuth access tokens are typically used by applications and services to allow access to specific parts of a user’s data and to communicate with each other, without the need to share actual credentials. This is one of the most common methods used to transfer authorization from one single sign-on (SSO) service to another application.

As of April 15, 2022, the list of affected OAuth applications is as follows:

Heroku Dashboard (ID: 145909) Heroku Dashboard (ID: 628778) Heroku Dashboard – Preview (ID: 313468) Heroku Dashboard – Classic (ID: 363831) and Travis CI (ID: 9216)

The company said OAuth token not obtained through a breach of GitHub or its systems, the company said, as it does not store tokens in their original, usable format.

Additionally, GitHub warns that the threat actor may be parsing downloaded private repository content from victim entities using these third-party OAuth clients to collect additional information. secrets that can then be leveraged to pivot to other parts of their infrastructure.

Platform by Microsoft The owners note that they found initial evidence of the attack campaign on April 12 when it encountered unauthorized access to an NPM production environment using a compromised AWS API key.

This AWS API key is believed to have been obtained by downloading an unknown set of private NPM repositories using stolen OAuth tokens from one of the two affected OAuth applications. GitHub says it has since revoked the access tokens associated with the affected apps.

“At this time, we assess that the attacker did not modify any packages or gain access to any user account data or login information,” the company said. added that they are still investigating to determine if the attacker viewed or downloaded the private packages.

GitHub also said it is currently working to identify and notify all known affected users and victim organizations that may be impacted by this issue over the next 72 hours.

.

Previous Post

U.S. struggles to find a way to dispose of nuclear waste

Next Post

Why Companies Need to Invest So Much in Web Security

Megusta

Megusta

Related Posts

5 Best Software to Stream Games

5 Best Software to Stream Games

2 Tháng Một, 2023
Top 10 CRM Software For Construction 

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
Instruction how to use OBS streaming software

Features, settings and how to use OBS streaming software through 9 simple steps

25 Tháng Mười Hai, 2022
What is Trans woman?  What is Transgender Women?

What is Trans woman? What is Transgender Women?

23 Tháng Mười Hai, 2022
Christmas gift: Genuine Windows 10 Pro for only $6.63 and Office 2021 for $14.22

Christmas gift: Genuine Windows 10 Pro for only $6.63 and Office 2021 for $14.22

22 Tháng Mười Hai, 2022
How to get 50 free coins of SkyJoy App to redeem

How to get 50 free coins of SkyJoy App to redeem

21 Tháng Mười Hai, 2022
Load More
Next Post
Why Companies Need to Invest So Much in Web Security

Why Companies Need to Invest So Much in Web Security

Trả lời Hủy

Email của bạn sẽ không được hiển thị công khai. Các trường bắt buộc được đánh dấu *

Bài viết mới

How to get travel insurance
Đời sống

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly
Phần mềm

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023
5 Best Software to Stream Games
Software

5 Best Software to Stream Games

2 Tháng Một, 2023
IBM Bridge To Cloud For Power
Software

IBM Bridge To Cloud For Power- Everything You Should Know

2 Tháng Một, 2023
Top 10 CRM Software For Construction 
Tech

Top 10 CRM Software For Construction Enterprises All The Time

31 Tháng Mười Hai, 2022
What Is IBM Software
Software

What Is IBM Software? 4 Business Segments at IBM You Should Know

26 Tháng Mười Hai, 2022
W3Schools

Ads

Contact: [email protected]

DMCA.com Protection Status

Categories

  • Android
  • Cạm bẫy tâm lí
  • Chưa được phân loại
  • Đồ họa
  • Đời sống
  • Gen Z
  • Health
  • iOS
  • Kĩ năng mềm
  • News
  • Nhà mạng
  • Phần mềm
  • Phần mềm đồ họa
  • Review sách
  • Software
  • Tech
  • Thiết kế ảnh
  • Thiết kế video
  • Thủ thuật
  • Travel
  • Văn hóa Nam Bộ
  • Văn học
  • Window

Browse by Tag

ai là triệu phú android Apple browser Bullet Journal bản thân chai pin Chỉnh ảnh data domain download fshare game game show giả lập màu hosting IKEA ios khuyến mãi kinh doanh kiến thức kiểm tra pin messenger miễn phí mua sắm Máy ảnh mạng network nghệ thuật ngôn ngữ nhà Trần pin laptop quảng cáo tiếng anh trạng thái Trần Thủ Độ tên miền tắt hoạt động từ vựng video viettel window 10 word zalo Đơn giản

Recent News

How to get travel insurance

Guide on how to get travel insurance with 4 options

24 Tháng Một, 2023
Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

Software Asset Management for Websites: How to Keep Your Sites Running Smoothly

8 Tháng Một, 2023

Trang tin nóng hổi - vừa thổi vừa xem

No Result
View All Result
  • Home
  • Health
  • News
  • Software
  • Tech
  • Travel
  • Gen Z

Trang tin nóng hổi - vừa thổi vừa xem