Guide: More: • GitHub has finally fixed the high-risk security vulnerability reported by Project Zero • The botnet has been quietly scanning the Internet for insecure ENV files on a large scale
Author : The hardcore king
GoDaddy was socially engineered, and the DNS of multiple cryptocurrency websites was modified
These attacks were caused by social engineering fraud against employees of GoDaddy, the world's largest domain name registrar. This latest activity seems to have started around November 13 with an attack on the cryptocurrency trading platform liquid.com.
The cryptocurrency mining service NiceHash disclosed that some of the settings in its GoDaddy domain name registration records were changed without authorization, temporarily redirecting the website's email and network traffic. NiceHash froze all client funds for approximately 24 hours until it could verify that its domain name settings had been changed back to the original settings.
GoDaddy admitted that after a "limited" number of GoDaddy employees fell for a social engineering scam, a "small number" of customer domain names were modified.
Source: krebsonsecurity
Take a shot: It is disappointing that GoDaddy, the largest domain registrar, could be socially engineered.
GitHub finally fixed the high-risk security vulnerability reported by Project Zero.
This security vulnerability originates from the workflow commands in GitHub Actions, which serve as a communication channel between the executed action and the Action Runner and are very vulnerable to injection attacks. Because this will break the dependent code. After GitHub failed to fix the issue within the prescribed 104 days, Google publicly disclosed the issue on November 2.
This put some pressure on the company, and the vulnerability has now been fixed. The vulnerability's discoverers stated that the implementation of workflow commands is "fundamentally insecure" and that the short-term solution is to abolish the command syntax. GitHub adopted this fix.
Source: cnbeta
Take a shot: Not every vulnerability can be fixed in time.
The botnet has been quietly scanning for insecure ENV files on the Internet on a large scale.
Threat actors are looking for the API tokens, passwords and database login information that are usually stored in ENV files.
The ENV file, or environment file, is a configuration file usually used by development tools. Frameworks such as Docker, Node.js, Symfony, and Django use ENV files to store environment variables. Due to the nature of the data they hold, ENV files should always be stored in a protected folder.
According to data from the security company Greynoise, more than 2,800 different IP addresses have been used to scan for ENV files in the past three years. In the past month, more than 1,100 scanners have been active.
Source: zdnet
Take a shot: As with SSH private keys accidentally uploaded to GitHub, the protection of ENV files should be taken seriously.
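The ENV file scanning described above can be spotted in a site's own web server logs. The following is an added example, not part of the original article: it parses access-log lines (Combined Log Format is assumed), reports which client IPs requested ENV files, and flags requests the server actually answered with content. The function name find_env_probes and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# Combined Log Format: ip - user [time] "METHOD target PROTO" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)
# Last path segment is ".env" or a variant such as ".env.production" or ".env.bak"
ENV_RE = re.compile(r'(?:^|/)\.env(?:\.[\w.-]+)?$', re.IGNORECASE)


def find_env_probes(lines):
    """Return {ip: {"paths": set, "exposed": set}} for requests targeting ENV files."""
    report = defaultdict(lambda: {"paths": set(), "exposed": set()})
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a request line in the expected format
        # Decode percent-encoding so "%2eenv" is treated like ".env"
        path = unquote(urlsplit(m["target"]).path)
        if not ENV_RE.search(path):
            continue
        entry = report[m["ip"]]
        entry["paths"].add(path)
        # A 200 with a non-empty body means the server actually served the file
        if m["status"] == "200" and m["size"] not in ("-", "0"):
            entry["exposed"].add(path)
    return dict(report)


# Constructed sample log lines (documentation IP ranges, not real traffic)
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Nov/2020:10:00:01 +0000] "GET /.env HTTP/1.1" 404 153 "-" "curl/7.68.0"',
    '198.51.100.7 - - [20/Nov/2020:10:00:02 +0000] "GET /api/.env?x=1 HTTP/1.1" 200 412 "-" "curl/7.68.0"',
    '203.0.113.9 - - [20/Nov/2020:10:05:00 +0000] "GET /%2eenv.bak HTTP/1.1" 403 0 "-" "-"',
    '192.0.2.44 - - [20/Nov/2020:10:06:00 +0000] "GET /docs/environment.html HTTP/1.1" 200 9001 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, info in sorted(find_env_probes(SAMPLE_LOG).items()):
        flag = "EXPOSED: " + ", ".join(sorted(info["exposed"])) if info["exposed"] else "blocked"
        print(f"{ip}: probed {sorted(info['paths'])} -> {flag}")
```

Any path reported as exposed means the file was served to the requester, so the secrets in it should be treated as compromised and rotated.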