WeSearch

GitHub confirmed a breach last week that exposed around 3,800 internal repositories. The cause wasn't a zero-day. It was a VS Code extension.

#github #security #development #devsecops #supplychainsecurity
⚡ TL;DR · AI summary

GitHub experienced a security breach that compromised approximately 3,800 internal repositories. The breach was caused by a malicious VS Code extension that was available for 18 minutes before being removed. This incident highlights the risks associated with auto-updates and the need for improved security practices among developers.

Original article: DEV.to (Top)

Opening excerpt (first ~120 words)

TheJS PythonGuy, posted on May 22

#github #hacktoberfest

Attackers took over the publisher token for Nx Console, which has about 2.2 million installs. They pushed a malicious JavaScript file to the VS Code Marketplace. It was up for 18 minutes before it got pulled.

Excerpt limited to ~120 words for fair-use compliance. The full article is at DEV.to (Top).
