GitHub alerts users to active phishing campaign
The attack revolves around counterfeit CircleCI notifications urging users to accept updated terms of use and privacy policy
GitHub has notified its users of a phishing campaign active since 16 September.
The bait in the seemingly persuasive phishing campaign is an email that mimics notifications from continuous integration and delivery platform CircleCI.
Specifically, the fake email urges recipients to accept an updated “user terms and privacy policy” by signing into their GitHub accounts again through CircleCI.
“As part of our integration with GitHub, we are updating our Terms of Use and Privacy Policy to provide greater transparency about how CircleCI uses your information, as well as how cookies are used to make our services more convenient and effective,” the email reads.
By relaying credentials through reverse proxies, the threat actors attempted to steal GitHub account credentials, including two-factor authentication (2FA) codes.
However, GitHub said that accounts protected with hardware security keys for multi-factor authentication (MFA) are not susceptible to the attack.
“While GitHub itself was not affected, the campaign has impacted many victim organizations,” GitHub said in an advisory on Wednesday.
Corroborating GitHub’s alert, CircleCI took to its forums to warn users that the platform would never ask users to enter credentials to view changes in its terms of service.
“Any emails from CircleCI should only include links to circleci.com or its sub-domains,” stated CircleCI in its notice.
“If you believe you or someone on your team may have accidentally clicked a link in this email, please immediately rotate your credentials for both GitHub and CircleCI, and audit your systems for any unauthorized activity,” added the company.
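CircleCI's rule that its emails should link only to circleci.com or its sub-domains can be checked mechanically on a suspect message. The sketch below is an added example, not code from GitHub or CircleCI; the function names and the sample email body are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

ALLOWED_ROOT = "circleci.com"  # the only domain CircleCI's notice permits

# Pull http(s) URLs out of raw text or HTML; stops at quotes, brackets, whitespace.
URL_RE = re.compile(r"""https?://[^\s"'<>]+""", re.IGNORECASE)


def host_is_allowed(url, root=ALLOWED_ROOT):
    """True only if the URL's actual host is `root` or a sub-domain of it."""
    try:
        host = urlsplit(url).hostname  # drops any userinfo ("user@") and port
    except ValueError:
        return False  # malformed URL: treat as failing the rule
    if not host:
        return False
    host = host.rstrip(".").lower()
    # Require an exact match or a dot boundary, so "xcircleci.com" does not pass.
    return host == root or host.endswith("." + root)


def suspicious_links(body):
    """Return every http(s) link in an email body that fails the rule."""
    return [u for u in URL_RE.findall(body) if not host_is_allowed(u)]


# Constructed sample body. The non-CircleCI hosts are made up for this
# example and are not indicators from the campaign.
SAMPLE = """
<a href="https://circleci.com/terms">Terms</a>
<a href="https://app.circleci.com/settings">Settings</a>
<a href="https://circleci.com.login.example/session">Sign in</a>
<a href="https://circleci.com@phish.example/github">Accept</a>
<a href="https://not-circleci.com/privacy">Privacy</a>
"""

if __name__ == "__main__":
    for link in suspicious_links(SAMPLE):
        print("outside circleci.com:", link)
```

The three flagged links show the usual ways a lookalike slips past a naive substring check: the trusted name used as a left-hand label, as URL userinfo, or as a suffix without a dot boundary.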