Persistent Threat: New Exploit Puts Thousands of GitHub Repositories and Millions of Users at Risk | allinfosecnews.com

Sept. 12, 2023, 11:05 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

A new vulnerability has been discovered that could allow an attacker to exploit a race condition within GitHub’s repository creation and username renaming operations. This technique could be used to perform a Repojacking attack (hijacking popular repositories to distribute malicious code). This finding marks the fourth time a unique method was identified that could potentially bypass GitHub’s “Popular repository namespace retirement” mechanism. The vulnerability has been reported to GitHub and has been fixed.

Key Findings

A novel vulnerability was discovered, …

attack attacker code exploit github github repositories hijacking malicious operations persistent persistent threat popular race race condition repojacking repositories repository risk threat username vulnerability

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Stolen Citrix Credentials Led to Change Ransomware Attack 18 minutes ago | malware.news

access attack authentication ceo +23

AI, Okta, Chrome, Quantum, Kaiser Permanente, FTC, FCC, NCSC, Josh Marpet, and more. - SWN … 28 minutes ago | malware.news

article chrome fcc ftc +9

Navigating the cybersecurity career maze an hour ago | malware.news

article career careers cyber +12

The Top 11 Legal Industry Cyber Attacks an hour ago | malware.news

addition attack attacks breach +13

Sophos named a Leader in the 2024 IDC MarketScape for Worldwide Managed Detection and Response … 2 hours ago | malware.news

and response article business capabilities +14

Another Day, Another NAS: Attacks against Zyxel NAS326 devices CVE-2023-4473, CVE-2023-4474, (Tue, Apr 30th) 2 hours ago | malware.news

article attacks cve devices +13

LABScon23 Replay | From Vulkan to Ryazan – Investigative Reporting from the Frontlines of Infosec 3 hours ago | malware.news

called campaigns companies critical +19

Defending infrastructure, securing systems key to CISA's new AI guidelines 3 hours ago | malware.news

article artificial artificial intelligence benefits +14

Announcing the General Availability of Spectra Detect v5.0: Enhancing File Analysis for Advanced Threat Detection 4 hours ago | malware.news

advanced advanced threat advanced threat detection analysis +22

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineer - Vulnerability Management

@ Starling Bank | Southampton, England, United Kingdom

View on infosec-jobs.com

Manager Cybersecurity

@ Sia Partners | Rotterdam, Netherlands

View on infosec-jobs.com

Compliance Analyst

@ SiteMinder | Manila

View on infosec-jobs.com

Information System Security Engineer (ISSE)-Level 3, OS&CI Job #447

@ Allen Integrated Solutions | Chantilly, Virginia, United States

View on infosec-jobs.com

Enterprise Cyber Security Analyst – Advisory and Consulting

@ Ford Motor Company | Mexico City, MEX, Mexico

View on infosec-jobs.com