#github-compromise

Information security
from InfoWorld
17 hours ago

How GlassWorm wormed its way back into developers' code - and what it says about open source security

GlassWorm reinfects VS Code extensions and GitHub repos using invisible Unicode and blockchain C2, spreading globally and threatening developers, enterprises, and critical infrastructure.
#oauth-token-theft
from IT Pro
2 months ago
Information security

Salesloft Drift hackers had access to company GitHub account for months before attacks

from The Register
2 months ago

Drift attackers gained entry via a Salesloft GitHub account

The Salesloft Drift breach that compromised "hundreds" of companies including Google, Palo Alto Networks, and Cloudflare, all started with miscreants gaining access to the Salesloft GitHub account in March. This new information comes from a Saturday update into the Mandiant-led investigation - Salesloft hired the incident response firm to determine the root cause and scope of the incident - and a Sunday alert that the integration between Salesloft and Salesforce has now been restored.
Information security