
Repojacking attacks against over 15K Go module repositories likely

More than 15,000 Go module repositories on GitHub, accounting for at least 800,000 Go module variants, could be compromised in repojacking attacks, The Hacker News reports. Over 9,000 of the repositories were vulnerable as a result of username changes on GitHub, while the remaining repositories were exposed due to account deletion, a report from VulnCheck revealed. Repojacking attacks are more likely against Go modules due to their decentralized nature, said researchers. "Anyone can then instruct the Go module mirror and pkg.go.dev to cache the module's details. An attacker can register the newly unused username, duplicate the module repository, and publish a new module to proxy.golang.org and go.pkg.dev," said VulnCheck Chief Technology Officer Jacob Baines. Baines also noted that Go or GitHub should be responsible for addressing such repojacking attack concerns. "Until then, it's important for Go developers to be aware of the modules they use, and the state of the repository that the modules originated from," Baines added.
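The advice above, to know which modules you use and the state of the repositories they came from, can be turned into a routine check. The following Go program is an added example, not part of the article or of VulnCheck's report: it parses the `require` entries of a go.mod file, extracts the GitHub account that owns each module path, and flags modules whose owner no longer exists, which is exactly the condition (renamed or deleted account) that leaves a name free for someone else to register. The go.mod contents, the module paths and the `constructedOwners` map are constructed for the example; a real run would replace the lookup function with a query to the GitHub users API.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

// Dependency is one module requirement parsed from a go.mod file.
type Dependency struct {
	Path    string
	Version string
}

// ParseGoMod extracts module paths and versions from the require
// directive(s) of a go.mod file. It handles both the single-line form
// and the "require ( ... )" block form, and strips "// indirect" comments.
func ParseGoMod(src string) []Dependency {
	var deps []Dependency
	inBlock := false
	sc := bufio.NewScanner(strings.NewReader(src))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if i := strings.Index(line, "//"); i >= 0 {
			line = strings.TrimSpace(line[:i])
		}
		switch {
		case line == "":
			continue
		case strings.HasPrefix(line, "require ("):
			inBlock = true
			continue
		case inBlock && line == ")":
			inBlock = false
			continue
		}
		fields := strings.Fields(line)
		if inBlock && len(fields) == 2 {
			deps = append(deps, Dependency{fields[0], fields[1]})
		} else if !inBlock && len(fields) == 3 && fields[0] == "require" {
			deps = append(deps, Dependency{fields[1], fields[2]})
		}
	}
	return deps
}

// GitHubOwner returns the GitHub account owning a module path such as
// github.com/owner/repo/v2, or "" when the module is not hosted on GitHub.
func GitHubOwner(modulePath string) string {
	parts := strings.Split(modulePath, "/")
	if len(parts) < 3 || parts[0] != "github.com" {
		return ""
	}
	return parts[1]
}

// OwnerLookup reports whether a GitHub account name currently exists.
// A production version would query the GitHub API; here it is backed by
// a constructed in-memory map so the example runs offline.
type OwnerLookup func(owner string) bool

// FindOrphanedModules returns the GitHub-hosted dependencies whose owner
// account no longer exists (renamed or deleted), i.e. the name is free to
// be re-registered by a third party.
func FindOrphanedModules(deps []Dependency, exists OwnerLookup) []Dependency {
	var orphaned []Dependency
	for _, d := range deps {
		owner := GitHubOwner(d.Path)
		if owner == "" {
			continue // not on GitHub; out of scope for this check
		}
		if !exists(owner) {
			orphaned = append(orphaned, d)
		}
	}
	return orphaned
}

// constructedGoMod is a sample go.mod written for this example; every
// module path and account name in it is hypothetical.
const constructedGoMod = `module example.com/app

go 1.21

require github.com/activeowner/logger v1.4.0

require (
	github.com/renamedowner/cache v0.3.1 // indirect
	github.com/deletedowner/parser/v2 v2.0.0
	golang.org/x/text v0.14.0
)
`

// constructedOwners stands in for the GitHub lookup: in this constructed
// dataset only "activeowner" still exists.
var constructedOwners = map[string]bool{"activeowner": true}

func main() {
	deps := ParseGoMod(constructedGoMod)
	lookup := func(o string) bool { return constructedOwners[o] }
	for _, d := range FindOrphanedModules(deps, lookup) {
		fmt.Printf("WARNING: %s %s: GitHub owner %q no longer exists (repojacking risk)\n",
			d.Path, d.Version, GitHubOwner(d.Path))
	}
}
```

This check complements, rather than replaces, the hashes in go.sum: `go mod verify` and the checksum database protect versions that have already been recorded, so the exposure from a re-registered account is mainly in any new versions published under the old path, which is why knowing that an owner has disappeared matters before the next `go get -u`.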
