It’s worth noting that successful certificate decoding could allow an attacker to sign trojanized programs with these certificates and pass them off as coming from GitHub, explains The Hacker News. (…) We have no evidence that the threat actor was able to decrypt or use these certificates.
Several encrypted code signing certificates were stored in these repositories for use via Actions in our GitHub Desktop and Atom release workflows. GitHub did not specify how the token was compromised. The compromised credentials were revoked after none of the repositories had consumer data. How Did the Breach Happen?Ī hacked personal access token (PAT) associated with a machine account is reported to have cloned the repositories the day before. The Windows version of GitHub Desktop is not affected. Atom was discontinued officially in December 2022. Therefore, the company is taking the precautionary action of canceling the exposed certificates. Monday, GitHub announced that unidentified threat actors were able to exfiltrate encrypted code signing certificates for certain versions of the GitHub Desktop for Mac and Atom applications.
0 kommentar(er)
