Attackers hacked the Canonical’s official Github account
Unknown attackers were successful in hacking official GitHub account of the Canonical Ltd., company behind the famous Ubuntu Linux distribution. The hacker (or hackers) then created new empty repositories (i.e. 11 new repositories). The GitHub account was hacked on Jul. 6, 2019.
It appears that this cyberattack was, luckily, just "loud" defacement attempt instead of a "silent" sophisticated supply-chain attack, which could be abused so as to distribute the modified malicious versions of open-source Canonical software.
ZDNet reported that as per a statement, the security team of Ubuntu said "we can confirm that on 2019-07-06 there was a Canonical owned account on GitHub whose credentials were compromised and used to create repositories and issues among other activities".
Once discovered, an investigation was launched by Canonical to determine extent of this breach. However, no indication was found at this point which will indicate that any PII or source code was affected. Moreover, Canonical also removed this compromised GitHub account from their organization.
It was also confirmed that as the company at present uses the Launchpad hosting platform for building and maintaining the Ubuntu distributions, so unauthorized changes on their Github account does not affect their popular as well as hugely-used Linux operating system and also their millions of users.
"Furthermore, the Launchpad infrastructure where the Ubuntu distribution is built and maintained is disconnected from GitHub and there is also no indication that it has been affected," said the security team of Ubuntu in a statement.
The security team of Ubuntu said that they are planning to publish one more public update after finishing the investigation about this incident, and after doing an audit and then carrying out other needed remediations.
The latest Canonical security incident was not the first-time that the company has gone through. Official Ubuntu forums were hacked earlier also on three different times (i.e. in Jul. 2013, in Jul. 2016, and Dec. 2016). The hackers stole 1.82 million users' details in the Jul. 2013 incident, two million users' data in Jul. 2016 incident, whereas in the Dec. 2016 incident - the forum was defaced only. Moreover, a malicious Ubuntu package having a cryptocurrency miner has been also found in May 2018 on official Ubuntu Store.
» SPAMfighter News - 8/1/2019
We are happy to see you are reading our IT Security News.
We do believe, that the foundation for a good work environment starts with fast, secure and high performing computers. If you agree, then you should take a look at our Business Solutions to Spam Filter & Antivirus for even the latest version of Exchange Servers - your colleagues will appreciate it!