Dropbox admits 130 of its private GitHub repos were copied after phishing attack
Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials.the intrusion, and stated"no one's content, passwords, or payment information was accessed, and the issue was quickly resolved."The security snafu came to light on October 13 when Microsoft's GitHub detected suspicious behavior on Dropbox's corporate account.
Dropbox is a CircleCI user"for select internal deployment." Dropbox employees use their GitHub accounts to access Dropbox's private code repos, and their GitHub login details also get them into CircleCI. You know where this is going: get a Dropbox engineer's GitHub login details by pretending to be CircleCI, use that information to get into the Dropbox GitHub organization, and then rifle through the private repos.of phishing campaigns that involved impersonation of CircleCI.
"These legitimate-looking emails directed employees to visit a fake CircleCI login page, enter their GitHub username and password, and then use their hardware authentication key to pass a One Time Password to the malicious site," Dropbox's explanation states. That site would harvest the entered login details so that miscreants could use the info and log into a victim's GitHub account, and get into the work repos.
This tactic"eventually succeeded, giving the threat actor access to one of our GitHub organizations where they proceeded to copy 130 of our code repositories."
Österreich Neuesten Nachrichten, Österreich Schlagzeilen
Similar News:Sie können auch ähnliche Nachrichten wie diese lesen, die wir aus anderen Nachrichtenquellen gesammelt haben.
Clear The Air with Sadiq Khan - Podcast | Global Player“This is a public health emergency'. In this episode of Clear The Air, Sadiq Khan is joined by Rosamund Adoo-Kissi-Debrah whose daughter, Ella, was the first person in the UK to have air pollution listed as a cause of death on her death certificate. Rosamund tells Sadiq about how the pandemic has changed attitudes to air pollution, her unlikely friendship with Arnold Schwarzenegger, and her very personal campaign for cleaner air for everyone.
Weiterlesen »
10 Bizarrely Useful Beauty Lessons We Learned From Girl Bands Over The YearsFrom a smoky eye masterclass to must-copy lip liner, here are all the beauty lessons we've learnt from girl bands over the years.
Weiterlesen »
Win a copy of LumbearJack on Xbox - click here to enter!Click here for a chance to win a free copy of LumbearJack. Check back tomorrow for a chance to win a different game!
Weiterlesen »