
GitHub Under Siege: Unraveling the Ongoing Automated Attack on Open-Source Repositories

GitHub, a cornerstone for programmers worldwide, is the target of an ongoing campaign in which an unknown attacker automatically clones legitimate repositories and republishes them with malicious code injected. The campaign combines layered obfuscation with social engineering, and it has proved difficult for GitHub's abuse-detection systems to keep up with. 

The attacker uses an automated process to clone existing repositories, inject malicious code hidden under seven layers of obfuscation, and re-upload the result under the same or a near-identical name, then forks each rogue copy many times so that it shows up alongside, or instead of, the original in search results. Because the rogue repositories look almost exactly like the legitimate ones, they are hard to tell apart, and developers who fork the affected copies unknowingly spread them further. 

Once a developer uses a compromised repository, the hidden payload unpacks its layers of obfuscation at runtime, revealing malicious Python code and a binary executable. The code then collects confidential data and login credentials from the developer's machine and uploads them to a command-and-control server. Security vendor Apiiro's research team reports that the campaign has grown substantially since it began in May 2023. 
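The layered unpacking described above is the kind of thing an analyst wants to do statically, without running the payload. The following is an added example, not code from Apiiro's report or from any of the affected repositories: it builds a constructed, harmless sample wrapped in N layers of the common `exec(zlib.decompress(base64.b64decode(...)))` pattern (an assumed layer format, chosen for illustration; real payloads vary), then peels the layers back without ever calling `exec`, and flags strings a practitioner would treat as credential-theft indicators.

```python
"""Static peeling of a nested exec()/base64/zlib Python payload.

Added example. The inner script, the layer format and the indicator list are
all constructed for illustration and are not taken from the campaign.
"""
import base64
import re
import zlib

# One obfuscation layer, as produced by wrap_once() below (assumed format):
#   exec(zlib.decompress(base64.b64decode(b'<base64 blob>')))
LAYER_RE = re.compile(
    rb"exec\(\s*zlib\.decompress\(\s*base64\.b64decode\(\s*b?['\"]"
    rb"([A-Za-z0-9+/=]+)['\"]\s*\)\s*\)\s*\)"
)

# Strings whose presence in the *decoded* payload would make an analyst look
# closer; constructed list, not an authoritative IOC set.
SUSPICIOUS = (b"os.environ", b"urllib.request", b"requests.post",
              b".ssh", b"subprocess", b"Login Data")

# Constructed, harmless "inner" script used to build the sample payload.
INNER = b"import os, urllib.request\nprint(len(os.environ))\n"


def wrap_once(src: bytes) -> bytes:
    """Wrap Python source in one base64+zlib+exec layer."""
    blob = base64.b64encode(zlib.compress(src))
    return (b"import base64, zlib\n"
            b"exec(zlib.decompress(base64.b64decode(b'" + blob + b"')))\n")


def build_layered_payload(inner: bytes, layers: int) -> bytes:
    """Apply wrap_once() `layers` times (the sample uses seven, like the report)."""
    out = inner
    for _ in range(layers):
        out = wrap_once(out)
    return out


def peel_layers(src: bytes, max_layers: int = 50):
    """Strip layers statically. Returns (layers_removed, innermost_source).

    Nothing is executed: each layer is located by regex and decoded directly.
    max_layers bounds the work so a hostile file cannot loop us forever.
    """
    depth = 0
    cur = src
    while depth < max_layers:
        m = LAYER_RE.search(cur)
        if not m:
            break
        try:
            cur = zlib.decompress(base64.b64decode(m.group(1)))
        except (ValueError, zlib.error):
            # Malformed layer: stop and hand back what we have for manual review.
            break
        depth += 1
    return depth, cur


def indicators(plain: bytes):
    """Sorted list of SUSPICIOUS strings found in decoded source."""
    return sorted({s.decode() for s in SUSPICIOUS if s in plain})


if __name__ == "__main__":
    sample = build_layered_payload(INNER, 7)
    depth, inner = peel_layers(sample)
    print(f"peeled {depth} layers, {len(sample)} -> {len(inner)} bytes")
    print("indicators:", indicators(inner))
```

Note that the obfuscated file on disk contains none of the indicator strings, which is exactly why a grep over a cloned repository misses these payloads; the strings only appear after the layers are removed.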

GitHub removes affected repositories as it finds them, but its automated detection does not catch every instance. With millions of repositories uploaded or forked, even a 1% miss rate leaves potentially thousands of malicious copies live. The campaign started small and has grown in both volume and sophistication, which keeps it ahead of GitHub's countermeasures. 

Researchers attribute the operation's success to GitHub's vast user base and to the increasing complexity of the technique. What makes the attack notable is the combination of automation at scale with a very simple human weakness: while the obfuscation grows more intricate, the attackers lean heavily on social engineering, relying on developers to pick the malicious copy of a repository over the original without noticing the difference. 

This unintentional spread both widens the attack's impact and makes detection harder. GitHub has not commented directly on the campaign, but it issued a general statement reaffirming its commitment to security, saying that it relies on manual review and machine-learning-based detection at scale and keeps adapting to adversarial behaviour. 

GitHub's popularity as a vital resource for developers has inadvertently made it a target. The campaign does not exploit a software flaw in the platform; it abuses features that make GitHub useful, such as free account creation, unlimited forking and search results that rank by popularity, and turns the platform's scale against it. That is why the problem resists a clean fix, and GitHub is still contending with how effective the attacker's methods are. 

For the global programming community, the lesson is that an automated attack built on obfuscation and social engineering can exploit an open platform's scale without breaking any of its code. How GitHub adapts its detection and response will determine how much damage the campaign ultimately does.

Old Website Tool Exploited by Hackers, Puts Education and Government Sites at Risk

Hackers are exploiting an outdated CMS text editor, FCKeditor, on websites that have not been updated in years, and are using it to abuse educational and government websites around the world. Their goal is to poison search results: visitors who follow a link that appears to belong to a trusted institution are sent on to malicious pages or scams. The underlying weakness is an open redirect, which amounts to leaving the front door of your website open for anyone to walk people through. 

An attacker can hide behind your domain and lead unsuspecting visitors straight into their trap. Imagine a phishing email that pretends to come from your organization. The link in it looks legitimate because it carries your domain name, but when someone clicks it, instead of landing on your website they end up on the attacker's site. 

The trick works because your own website performs the final hop to the attacker's page. Sometimes the server does it, answering with an HTTP 3xx response whose Location header points wherever the attacker chose; sometimes the page does it client-side, with JavaScript or a meta refresh that tells the visitor's browser to move on. Either way, the damage is done under your name and your reputation. 

Consider a link of the form "https://www.example.com/?redirect=". The site is meant to use the redirect parameter to send visitors to a specific page, but if it never checks the value, anyone can put an arbitrary URL there and the site will obediently forward visitors to it. It is a signpost that anyone can turn to point wherever they please. That is what we call an open redirect. 
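The redirect parameter above, with the unchecked handler beside a hardened one, as an added example that is not code from FCKeditor or from any of the affected sites. The `redirect` parameter name and the `www.example.com` origin follow the page's own illustration; the hostile host `evil.example.net` and every input in the demo are constructed. The check goes a bit beyond the single case in the text and handles the bypasses a tester tries first: scheme-relative `//host`, backslash variants, `user@host` confusion, look-alike subdomains and non-HTTP schemes.

```python
"""Open redirect: vulnerable handler beside a hardened one (added example)."""
from urllib.parse import urlencode, urljoin, urlsplit

SITE = "https://www.example.com"
# Hosts we are willing to redirect to; anything else falls back to SITE.
ALLOWED_HOSTS = {"www.example.com", "example.com"}


def vulnerable_target(redirect_param: str) -> str:
    """The flaw: the parameter is copied straight into the Location header."""
    return redirect_param or SITE + "/"


def safe_target(redirect_param: str, fallback: str = SITE + "/") -> str:
    """Return a redirect target that is guaranteed to stay on our origin.

    Absolute URLs are accepted only when scheme and host match exactly;
    relative paths are accepted only as a single-slash path and are returned
    fully qualified, so the browser cannot reinterpret them.
    """
    if not redirect_param:
        return fallback
    # Browsers drop tab/CR/LF and treat backslash as slash when parsing URLs;
    # normalise the same way so "/\\evil" is not seen as a harmless path.
    candidate = "".join(c for c in redirect_param if c not in "\t\r\n")
    candidate = candidate.replace("\\", "/").strip()
    parts = urlsplit(candidate)
    if parts.scheme or parts.netloc:
        # Absolute or scheme-relative ("//host/..."): exact-match host check.
        # urlsplit puts "user@host" and "www.example.com.evil.example.net"
        # whole into netloc, so neither can pass the membership test.
        if parts.scheme != "https" or parts.netloc.lower() not in ALLOWED_HOSTS:
            return fallback
        return candidate
    # Relative: must start with exactly one slash.
    if not candidate.startswith("/") or candidate.startswith("//"):
        return fallback
    return urljoin(SITE, candidate)


def poisoned_link(target: str) -> str:
    """The URL an attacker would spread: it carries the trusted domain."""
    return f"{SITE}/?{urlencode({'redirect': target})}"


# Constructed attacker-controlled values for the demo (not real inputs).
DEMO_INPUTS = [
    "/account/settings",
    "https://www.example.com/login",
    "https://evil.example.net/",
    "//evil.example.net/",
    "/\\evil.example.net",
    "https://www.example.com@evil.example.net/",
    "https://www.example.com.evil.example.net/",
    "javascript:alert(1)",
]

if __name__ == "__main__":
    for value in DEMO_INPUTS:
        print(f"{value!r:48} vulnerable -> {vulnerable_target(value)}")
        print(f"{'':48} hardened   -> {safe_target(value)}")
    print("link as sent to victims:", poisoned_link("https://evil.example.net/"))
```

Run it and the first column shows why the phishing link passes reputation filters: every `poisoned_link` starts with `https://www.example.com/`, and only the vulnerable handler turns it into a hop to `evil.example.net`.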

Attackers use open redirects to run phishing campaigns, distribute malware and push scams under the cover of a legitimate domain. Because the link itself points at a reputable site, it often slips past the URL reputation checks that security products apply. When search engines index these redirect URLs, the trusted domain's reputation also lifts the attacker's destination in the rankings. 

Open redirects are therefore a tool for search engine poisoning: a trusted website is used to promote shady content for specific search terms. Despite these risks, large vendors generally treat open redirects as low severity and may not prioritise fixing them unless they can be chained into a more serious vulnerability. 

Cybersecurity researcher @g0njxa uncovered a malicious redirect campaign targeting university websites. It exploits open redirect flaws in FCKeditor, a web text editor that was superseded by CKEditor in 2009 but is still deployed on many institutional sites. 

@g0njxa identified several prominent institutions affected by the campaign, including MIT and Columbia University, as well as government websites in Virginia and Spain. Asked about the findings, the software's developer said that FCKeditor has been obsolete since 2010 and should no longer be used. That response underscores the point: the only real fix is to retire FCKeditor and move to a maintained, secure alternative.