FreemindDec 6, 2023

The Go programming language’s modules are particularly susceptible to repojacking, distinguishing them from other package manager solutions like npm or PyPI.

#Cybersecurity #GitHub #GoModules #Hijacking #Repojacking

https://cybersec84.wordpress.com/2023/12/06/15000-github-repositories-at-risk-protect-your-go-modules-from-repojacking/

15,000 GitHub Repositories at Risk: Protect Your Go Modules from Repojacking

Recent research has identified a concerning security issue affecting over 15,000 Go module repositories on GitHub, making them susceptible to an attack known as “repojacking.” Jacob Bai…

CyberSec84 | Cybersecurity news.
/amDec 5, 2023
VulnCheck reports over 9,000 GitHub repositories at risk of repojacking from username changes, plus 6,000+ due to account deletions.In total, 15,000 repositories, supporting 800,000+ Go module-versions, are exposed to this vulnerability. https://vulncheck.com/blog/go-repojacking #GitHubSecurity #Repojacking
Hijackable Go Module Repositories - Blog - VulnCheck

VulnCheck scans the Go module ecosystem for module repositories affected by repojacking, and discover hundreds of thousands of affected module-versions.

VulnCheck
securityaffairsSep 12, 2023
A new #Repojacking attack exposed over 4,000 #GitHub repositories to hack
https://securityaffairs.com/150713/hacking/repojacking-attack-github-repositories.html
#securityaffairs #hacking
A new Repojacking attack exposed over 4,000 GitHub repositories to hack

A critical vulnerability in GitHub could have exposed more than 4,000 code packages to Repojacking attack.

Security Affairs
Marcel SIneM(S)USJun 24, 2023
Security: #RepoJacking auf #GitHub betrifft auch große Firmen wie Google | Developer https://www.heise.de/news/Security-RepoJacking-auf-GitHub-betrifft-auch-grosse-Firmen-wie-Google-9195575.html
Security: RepoJacking auf GitHub betrifft auch große Firmen wie Google

Durch die Übernahme von Repositories hinter umbenannten Organisationen auf GitHub können Angreifer Schadcode verbreiten.

heise online
securityaffairsJun 23, 2023
More than a million #GitHub repositories potentially vulnerable to #RepoJacking
https://securityaffairs.com/147756/hacking/github-repositories-repojacking.html
#securityaffairs #hacking #malware
More than a million GitHub repositories potentially vulnerable to RepoJacking

Researchers reported that millions of GitHub repositories are likely vulnerable to an attack called RepoJacking. A study conducted by Aqua researchers revealed that millions of GitHub repositories are potentially vulnerable to RepoJacking. In the RepoJacking attack, attackers claim the old username of a repository after the legitimate creator changed the username, then publish a rogue repository […]

Security Affairs
MsDropbear 🌈♀ Apr 11, 2023

@CKsTechNews

Holy crap! This is very unsettling news. 😨

https://blog.nietaanraken.nl/posts/aur-packages-github-repo-jacking/

#ArchLinux #AUR #RepoJacking

Hijacking Arch Linux Packages by Repo Jacking GitHub Repositories

Last year, we published a blog post discussing an attack where a malicious actor hijacks Arch User Repository (AUR) vulnerable packages by registering expired domains.

Blog by Joren Vrancken
Tarnkappe.infoNov 1, 2022
📬 GitHub: Umbenannte Konten gefährden Tausende von Projekten
#Hacking #Checkmarx #github #Quellcodeverwaltung #RepoJacking #Repository #Softwareprojekte #SupplyChainAngriffe https://tarnkappe.info/artikel/hacking/github-umbenannte-konten-gefaehrden-tausende-von-projekten-258590.html
GitHub: Umbenannte Konten gefährden Tausende von Projekten

Dass GitHub bei der Lösung gegen RepoJacking-Angriffe mehrere Anläufe brauchte, erweckt nicht gerade Vertrauen. Eine Restgefahr bleibt.

Tarnkappe.info