[ad_1]
“Security Alert: Unusual Access Attempt,” the fake alert reads, Luc4m said. “We have detected a login attempt on your GitHub account that appears to be from a new location or device.”
Users are prompted to update passwords, 2FA
The alert offered a number of steps to secure their accounts against unauthorized activity. “If you recognize this activity, no further action is required. However, if this was not you, we strongly recommend securing your account immediately,” it reads.
The recommended actions include updating one’s password, reviewing and managing active sessions, and enabling two-factor authentication (2FA).
All these options, however, came with links that led to a GitHub authorization page for the “gitsecurityapp” OAuth app. The authorization page includes a list of risky permissions including access to and deleting public and private repositories, read or write user profiles, read organization membership and projects, and access to GitHub gists.
[ad_2]
READ SOURCE
