#1 Trusted Cybersecurity News Platform
Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cybersecurity

Heroku | Breaking Cybersecurity News | The Hacker News

Category — Heroku
Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

Hackers Using CAPTCHA Bypass Tactics in Freejacking Campaign on GitHub

Jan 06, 2023 Cryptocurrency / GitHub
A South Africa-based threat actor known as Automated Libra has been observed employing CAPTCHA bypass techniques to create GitHub accounts in a programmatic fashion as part of a freejacking campaign dubbed PURPLEURCHIN. The group "primarily targets cloud platforms offering limited-time trials of cloud resources in order to perform their crypto mining operations," Palo Alto Networks Unit 42 researchers William Gamazo and Nathaniel Quist  said . PURPLEURCHIN first came to light in October 2022 when Sysdig  disclosed  that the adversary created as many as 30 GitHub accounts, 2,000 Heroku accounts, and 900 Buddy accounts to scale its operation. Now according to Unit 42, the cloud threat actor group created three to five GitHub accounts every minute at the height of its activity in November 2022, totally setting up over 130,000 bogus accounts across Heroku, Togglebox, and GitHub. More than 22,000 GitHub accounts are estimated to have been created between September and Novemb
Heroku Forces User Password Resets Following GitHub OAuth Token Theft

Heroku Forces User Password Resets Following GitHub OAuth Token Theft

May 05, 2022
Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. The company, in an  updated notification , revealed that a compromised token was abused to breach the database and "exfiltrate the hashed and salted passwords for customers' user accounts." As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed. It also emphasized that internal Heroku credentials were rotated and extra detections have been put in place. The attack campaign, which GitHub  discovered  on April 12, related to an unidentified actor leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organizations, including NPM. The timeline of events as shared by the cloud platform is as follows - April 7, 2022  - Threat
The Secret Weakness Execs Are Overlooking: Non-Human Identities

The Secret Weakness Execs Are Overlooking: Non-Human Identities

Oct 03, 2024Enterprise Security / Cloud Security
For years, securing a company's systems was synonymous with securing its "perimeter." There was what was safe "inside" and the unsafe outside world. We built sturdy firewalls and deployed sophisticated detection systems, confident that keeping the barbarians outside the walls kept our data and systems safe. The problem is that we no longer operate within the confines of physical on-prem installations and controlled networks. Data and applications now reside in distributed cloud environments and data centers, accessed by users and devices connecting from anywhere on the planet. The walls have crumbled, and the perimeter has dissolved, opening the door to a new battlefield: identity . Identity is at the center of what the industry has praised as the new gold standard of enterprise security: "zero trust." In this paradigm, explicit trust becomes mandatory for any interactions between systems, and no implicit trust shall subsist. Every access request, regardless of its origin,
GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted"

GitHub Says Recent Attack Involving Stolen OAuth Tokens Was "Highly Targeted"

May 03, 2022
Cloud-based code hosting platform GitHub described the recent  attack campaign  involving the abuse of OAuth access tokens issued to Heroku and Travis CI as "highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley  said  in an updated post. The  security incident , which it discovered on April 12, related to an unidentified attacker leveraging stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis CI, to download data from dozens of organizations, including NPM. The Microsoft-owned company said last week that it's in the process of sending a final set of notifications to GitHub customers who had either the Heroku or Travis CI OAuth app integrations authorized in their accounts. According to a detailed step-by-step analysis carried out by GitHub, th
cyber security

The State of SaaS Security 2024 Report

websiteAppOmniSaaS Security / Data Security
Learn the latest SaaS security trends and discover how to boost your cyber resilience. Get your free…
GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

GitHub Notifies Victims Whose Private Data Was Accessed Using OAuth Tokens

Apr 19, 2022
GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company  said  in an updated post. The  incident  originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims. Furthermore, it cautioned that the adversary may also be digging into the repositories for secrets that could be used in other attacks. Heroku, which has pulled support for GitHub
Expert Insights / Articles Videos
Cybersecurity Resources