BTC $66491.5139
ETH $3184.3983
BNB $601.6419
SOL $155.6108
stETH $3185.1637
XRP $0.5495
DOGE $0.1586
TON $5.8776
ADA $0.5099
AVAX $38.8942
wstETH $3708.0998
WBTC $66518.7062
DOT $7.3764
WETH $3184.7962
TRX $0.1114
BCH $512.3077
LINK $15.4337
MATIC $0.7334
UNI $8.1252
ICP $14.9003
LTC $84.7276
DAI $0.9990
CAKE $2.9972
RNDR $9.1863
IMX $2.3935
STX $3.0458
NEAR $6.9983
ETC $28.0765
FDUSD $1.0009
MNT $1.2093
FIL $6.5339
TAO $511.7762
OKB $54.7486
HBAR $0.0893
VET $0.0421
KAS $0.1250
ATOM $8.8532
GRT $0.3029
PEPE $0.0000
WIF $2.8536
FET $2.4350
MKR $2854.7795
INJ $28.3839
THETA $2.3975
USDE $0.9992
XLM $0.1167
CORE $2.5851
BTC $66491.5139
ETH $3184.3983
BNB $601.6419
SOL $155.6108
stETH $3185.1637
XRP $0.5495
DOGE $0.1586
TON $5.8776
ADA $0.5099
AVAX $38.8942
wstETH $3708.0998
WBTC $66518.7062
DOT $7.3764
WETH $3184.7962
TRX $0.1114
BCH $512.3077
LINK $15.4337
MATIC $0.7334
UNI $8.1252
ICP $14.9003
LTC $84.7276
DAI $0.9990
CAKE $2.9972
RNDR $9.1863
IMX $2.3935
STX $3.0458
NEAR $6.9983
ETC $28.0765
FDUSD $1.0009
MNT $1.2093
FIL $6.5339
TAO $511.7762
OKB $54.7486
HBAR $0.0893
VET $0.0421
KAS $0.1250
ATOM $8.8532
GRT $0.3029
PEPE $0.0000
WIF $2.8536
FET $2.4350
MKR $2854.7795
INJ $28.3839
THETA $2.3975
USDE $0.9992
XLM $0.1167
CORE $2.5851
  • Catalog
  • Blog
  • Tor Relay
  • Jabber
  • One-Time notes
  • Temp Email
  • What is TOR?
  • We are in tor
  • GitHub revokes code signing certificates stolen when repositories hacked


    A GitHub spokesperson claimed that unknown attackers stole encrypted code signing certificates for the GitHub Desktop and Atom Editor programs after gaining access to some repositories.

    So far, GitHub has found no evidence that password-protected certificates (one Apple Developer ID certificate and two Digicert code signing certificates used for Windows apps) were used for malicious purposes.

    “On December 6, 2022, our repositories for Atom, Desktop, and some other software owned by GitHub were backed up with a compromised personal access token (PAT). Upon discovery on December 7, 2022, our team immediately revoked the compromised credentials and began investigating the potential impact on customers and internal systems. As it turned out, none of the affected repositories contained customer data,” GitHub said.

    The company added that there is no risk to GitHub.com due to this security breach. No unauthorized changes were made to the affected projects. However, the compromised certificates have been revoked to invalidate the versions of GitHub Desktop and Atom Editor signed with them.

    GitHub stated that 3 certificates were revoked on February 2, 2023:

    • One Digicert certificate expired on January 4, 2023, while the second one expired on February 1, 2023. These certificates can no longer be used for code signing. Although they would not pose a risk, the company revoked them on February 2 as a preventive measure.
    • The Apple Developer ID certificate is valid until 2027. GitHub works closely with Apple to keep track of any new executables signed with this certificate.

    GitHub removed the latest two versions of Atom (1.63.0-1.63.1) from the releases page and on Feb. 2 revoked the Mac and Windows signing certificates used to sign Desktop 3.0.2-3.1.2 and Atom 1.63.0-1.63.1. All versions of applications signed with compromised certificates no longer function.

    “On January 4, 2023, we published a new version of Desktop. This version is signed with new certificates that have not been hacked. We highly recommend updating Desktop (3.1.5) and/or installing an older version of Atom (1.60.0)," added GitHub.
    Author DeepWeb
    Cocaine Tips
    Pro-Russian hacktivists attack websites of Dutch hospitals

    Comments 0

    Add comment