Tag

Supply_chain

3 briefs RSS

GitHub Organizations 2FA Disabled

The disabling of two-factor authentication (2FA) in GitHub Organizations is detected through audit log monitoring, potentially indicating an attacker's attempt to weaken account security and facilitate unauthorized access.

github.com +3 github 2fa security_controls supply_chain

3r 3t Jan 3, 2024

medium advisory

GitHub Enterprise Self-Hosted Runner Registration

2 rules 1 TTP

A self-hosted runner was created in GitHub Enterprise, which could be exploited by attackers to execute malicious code, access sensitive data, or pivot to other systems.

github.com github supply_chain self_hosted_runner

2r 1t Jan 3, 2024

medium advisory

GitHub Enterprise Classic Branch Protection Rule Disabled

3 rules 2 TTPs

Detection of disabled classic branch protection rules in GitHub Enterprise, indicating potential bypass of code review and security controls, leading to unauthorized code changes and supply chain compromise.

GitHub Enterprise +4 github branch_protection supply_chain

3r 2t Jan 2, 2024