For this year’s Cybersecurity Awareness Month, the GitHub bug bounty team is excited to feature another spotlight on a talented security researcher who participates in the GitHub Security Bug Bounty Program—@inspector-ambitious!
GitHub Security is constantly monitoring for abuse and security threats to GitHub, to developers, and to the communities that call GitHub home. In this blog, we are taking a moment to remind developers of some best practices and important defenses against common attack patterns that target GitHub Actions.
While stolen personal access tokens are one method of enabling the threats described above, compromised accounts or GitHub sessions similarly enable those threats. Stolen tokens, compromised accounts, and compromised sessions often occur due to the presence of malware on a user’s computer (for example, the RedLine Stealer).
If you believe your repository has been compromised, we recommend you consider any repository secrets as compromised and rotate them, both in your GitHub settings and any places they are used, such as SSH credentials.
To further secure your repository, you can explore:
integrity attribute on any script tags so that manipulated content such as this doesn’t run, as outlined in https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity.
If you are concerned that your GitHub account has been compromised, you should employ the following measures to secure your account:
- Review your personal access tokens.
- Change your GitHub password.
- Reset your two-factor recovery codes.
- Take additional steps to review and secure your account.