OAuth Token | Breaking Cybersecurity News | The Hacker News

A set of novel attack methods has been demonstrated against Google Workspace and the Google Cloud Platform that could be potentially leveraged by threat actors to conduct ransomware, data exfiltration, and password recovery attacks. "Starting from a single compromised machine, threat actors could progress in several ways: they could move to other cloned machines with  GCPW  installed, gain access to the cloud platform with custom permissions, or decrypt locally stored passwords to continue their attack beyond the Google ecosystem," Martin Zugec, technical solutions director at Bitdefender,  said  in a new report. A prerequisite for these attacks is that the bad actor has already gained access to a local machine through other means, prompting Google to mark the bug as  not eligible for fixing  "since it's outside of our threat model and the behavior is in line with Chrome's practices of storing local data." However, the Romanian cybersecurity firm has w...

GitHub on Monday noted that it had notified all victims of an attack campaign, which involved an unauthorized party downloading private repository contents by taking advantage of third-party OAuth user tokens maintained by Heroku and Travis CI. "Customers should also continue to monitor Heroku and Travis CI for updates on their own investigations into the affected OAuth applications," the company  said  in an updated post. The  incident  originally came to light on April 12 when GitHub uncovered signs that a malicious actor had leveraged the stolen OAuth user tokens issued to Heroku and Travis CI to download data from dozens of organizations, including NPM. The Microsoft-owned platform also said that it will alert customers promptly should the ongoing investigation identify additional victims. Furthermore, it cautioned that the adversary may also be digging into the repositories for secrets that could be used in other attacks. Heroku, which has pulled supp...

Cloud-based repository hosting service GitHub on Friday revealed that it discovered evidence of an unnamed adversary capitalizing on stolen OAuth user tokens to unauthorizedly download private data from several organizations. "An attacker abused stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis CI, to download data from dozens of organizations, including NPM," GitHub's Mike Hanley  disclosed  in a report. OAuth access tokens are often  used  by apps and services to authorize access to specific parts of a user's data and communicate with each other without having to share the actual credentials. It's one of the most common methods used to pass authorization from a single sign-on ( SSO ) service to another application. As of April 15, 2022, the list of affected OAuth applications is as follows - Heroku Dashboard (ID: 145909) Heroku Dashboard (ID: 628778) Heroku Dashboard – Preview (ID: 313468) Heroku Dashboard – Classi...