Ausnahme gefangen: SSL certificate problem: certificate is not yet valid ๐Ÿ“Œ GitHub is Investigating Crypto-mining Campaign Abusing Its Server Infrastructure
Team IT Security Nachrichtenportal Logo

๐Ÿ  Team IT Security News

TSecurity.de ist eine Online-Plattform, die sich auf die Bereitstellung von Informationen,alle 15 Minuten neuste Nachrichten, Bildungsressourcen und Dienstleistungen rund um das Thema IT-Sicherheit spezialisiert hat.
Ob es sich um aktuelle Nachrichten, Fachartikel, Blogbeitrรคge, Webinare, Tutorials, oder Tipps & Tricks handelt, TSecurity.de bietet seinen Nutzern einen umfassenden รœberblick รผber die wichtigsten Aspekte der IT-Sicherheit in einer sich stรคndig verรคndernden digitalen Welt.

16.12.2023 - TIP: Wer den Cookie Consent Banner akzeptiert, kann z.B. von Englisch nach Deutsch รผbersetzen, erst Englisch auswรคhlen dann wieder Deutsch!

Google Android Playstore Download Button fรผr Team IT Security
RSS Feed Symbol fรผr Team IT Security 800+ IT News als RSS Feed abonnieren



๐Ÿ“š GitHub is Investigating Crypto-mining Campaign Abusing Its Server Infrastructure


๐Ÿ’ก Newskategorie: IT Security Nachrichten
๐Ÿ”— Quelle: it.slashdot.org

An anonymous Slashdot reader shared this report from The Record: Code-hosting service GitHub is actively investigating a series of attacks against its cloud infrastructure that allowed cybercriminals to implant and abuse the company's servers for illicit crypto-mining operations, a spokesperson told The Record today. The attacks have been going on since the fall of 2020 and have abused a GitHub feature called GitHub Actions, which allows users to automatically execute tasks and workflows once a certain event happens inside one of their GitHub repositories. In a phone call today, Dutch security engineer Justin Perdok told The Record that at least one threat actor is targeting GitHub repositories where GitHub Actions might be enabled. The attack involves forking a legitimate repository, adding malicious GitHub Actions to the original code, and then filing a Pull Request with the original repository in order to merge the code back into the original. But the attack doesn't rely on the original project owner approving the malicious Pull Request. Just filing the Pull Request is enough for the attack, Perdok said. The Dutch security engineer told us attackers specifically target GitHub project owners that have automated workflows that test incoming pull requests via automated jobs. Once one of these malicious Pull Requests is filed, GitHub's systems will read the attacker's code and spin up a virtual machine that downloads and runs cryptocurrency-mining software on GitHub's infrastructure. Perdok, who's had projects abused this way, said he's seen attackers spin up to 100 crypto-miners via one attack alone, creating huge computational loads for GitHub's infrastructure. The attackers appear to be happening at random and at scale. Perdok said he identified at least one account creating hundreds of Pull Requests containing malicious code.

Read more of this story at Slashdot.

...



Sharing is caring on Social Media

๐Ÿ”— Reddit
๐Ÿ”— Telegram
๐Ÿ”— LinkedIn
๐Ÿ”— Xing
๐Ÿ”— Twitter
๐Ÿ”— Whatsapp
๐Ÿ”— Facebook
๐Ÿ”— Flipboard

Join the Team IT Security Community

๐Ÿ”— "IT Sicherheit" Reddit-Gruppe
๐Ÿ”— "IT Sicherheit" Telegramm-Seite

๐Ÿ“Œ Attackers are abusing GitHub infrastructure to mine cryptocurrency


๐Ÿ“ˆ 30.72 Punkte

๐Ÿ“Œ Hackers Abusing GitHub Infrastructure To Mine Cryptocurrency


๐Ÿ“ˆ 30.72 Punkte

๐Ÿ“Œ Houseparty denied it had been hacked... while miscreants were abusing its dot-com domain name infrastructure


๐Ÿ“ˆ 28.55 Punkte

๐Ÿ“Œ Houseparty denied it had been hacked... while miscreants were abusing its dot-com domain name infrastructure


๐Ÿ“ˆ 28.55 Punkte

๐Ÿ“Œ Google: You get crypto, you get crypto, almost everyone gets email crypto!


๐Ÿ“ˆ 24.63 Punkte

๐Ÿ“Œ Cryptojacking Campaign Employs Deleted GitHub Account and Unofficial GitHub CDN


๐Ÿ“ˆ 23.49 Punkte

๐Ÿ“Œ Is malware abusing your infrastructure? Find out with VirusTotal!


๐Ÿ“ˆ 23.26 Punkte

๐Ÿ“Œ Turlaโ€™s watering hole campaign: An updated Firefox extension abusing Instagram


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ New Credential Stealer Malware Campaign Targets Hundreds of Companies Abusing Legitimate Tools


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft warns about email spam campaign abusing Office vulnerability


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ This week's top news headlines and updates: SSRF vulnerability found in VMwareโ€™s vRealize, hackers abusing Fortinet flaws, NK campaign targeting security researchers and more.


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft Dismantles Spam Campaign Abusing OAuth Applications


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft Warns of Malspam Campaign Abusing Office Vulnerability to Distribute Backdoor


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Charming Kitten APT Hackers Group Abusing Google Services to Attack U.S Presidential Campaign Members


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ New RomCom RAT Campaign Abusing Well-Known Software Brands


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft Investigation โ€“ Threat actor consent phishing campaign abusing the verified publisher process


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Microsoft Investigation - Threat actor consent phishing campaign abusing the verified publisher process


๐Ÿ“ˆ 23.25 Punkte

๐Ÿ“Œ Crypto Scammers Abusing Twitter Cards via Redirects


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ Revive Adserver: Authentication Bypass by abusing Insecure crypto tokens in /lib/OA/Dal/PasswordRecovery.php:


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ APT Hackers Abusing Microsoft Crypto API to Drop Backdoor on Windows Using Weaponized Shellcode


๐Ÿ“ˆ 22.88 Punkte

๐Ÿ“Œ House GOP Campaign Committee Says Its Emails Were Hacked During 2018 Campaign


๐Ÿ“ˆ 22.45 Punkte

๐Ÿ“Œ Investigating Command and Control Infrastructure (Emotet)


๐Ÿ“ˆ 22.41 Punkte

๐Ÿ“Œ No, GitHub's source code wasn't hacked and posted on GitHub, says GitHub CEO


๐Ÿ“ˆ 22.36 Punkte

๐Ÿ“Œ Made an open-source GitHub notifications app that only requires a notification access token to receive GitHub notifications on your mobile device, removing the risk of other untrusted mobile apps compromising your GitHub account as you never have to ente


๐Ÿ“ˆ 22.36 Punkte

๐Ÿ“Œ Deploying a Vite app on GitHub Pages using GitHub Actions with GitHub Secrets


๐Ÿ“ˆ 22.36 Punkte

๐Ÿ“Œ GitHub Honors Class of 2021 with 'GitHub Yearbook' and 'GitHub Graduation' Ceremony


๐Ÿ“ˆ 22.36 Punkte

๐Ÿ“Œ GitHub announces the preview of GitHub Copilot Enterprise and general availability of GitHub Copilot Chat


๐Ÿ“ˆ 22.36 Punkte

๐Ÿ“Œ Hackers Use GitHub to Host Malware to Attack Victims by Abusing Yandex Owned Legitimate ad Service


๐Ÿ“ˆ 22.12 Punkte

๐Ÿ“Œ Abusing a GitHub Codespaces Feature For Malware Delivery


๐Ÿ“ˆ 22.12 Punkte

๐Ÿ“Œ Hackers Abusing GitHub to Evade Detection and Control Compromised Hosts


๐Ÿ“ˆ 22.12 Punkte

๐Ÿ“Œ Threat Actors Increasingly Abusing GitHub for Malicious Purposes


๐Ÿ“ˆ 22.12 Punkte

๐Ÿ“Œ Opera Adds Crypto Wallet To Its Desktop Browser, Launches Anti-Chrome Campaign in Europe


๐Ÿ“ˆ 22.08 Punkte

๐Ÿ“Œ Opera Adds Crypto Wallet To Its Desktop Browser, Launches Anti-Chrome Campaign in Europe


๐Ÿ“ˆ 22.08 Punkte

๐Ÿ“Œ Microsoft Investigating GitHub Account Hacking Claims


๐Ÿ“ˆ 21.26 Punkte











matomo

Kontakt

24/7 kontakt@tsecurity.de

Weitere Informationen

Google Android Playstore Download Button fรผr Team IT Security
๐Ÿ”— Impressum
๐Ÿ”— Datenschutz
Paypal Spenden fรผr Projekt

Social Media

๐Ÿ”— Facebook
๐Ÿ”— Reddit
๐Ÿ”— Team IT Security als Elektron App
๐Ÿ”— © 2015-2023 Team IT Security Nachrichtenportal รผber Cybersecurity
๐Ÿ”— CMS "myDraft" a PHP Portal Software