{"id":386,"date":"2022-08-04T08:45:54","date_gmt":"2022-08-03T23:45:54","guid":{"rendered":"https:\/\/www.b64.pw\/blog\/?p=386"},"modified":"2022-08-04T08:45:55","modified_gmt":"2022-08-03T23:45:55","slug":"github%e3%81%ab%e3%83%9e%e3%83%ab%e3%82%a6%e3%82%a7%e3%82%a2%e3%82%92%e6%92%92%e3%81%8f%e6%94%bb%e6%92%83%e3%81%8c%e8%a1%8c%e3%82%8f%e3%82%8c%e3%81%a6%e3%81%84%e3%81%be%e3%81%99","status":"publish","type":"post","link":"https:\/\/www.b64.pw\/blog\/?p=386","title":{"rendered":"github\u306b\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u6492\u304f\u653b\u6483\u304c\u884c\u308f\u308c\u3066\u3044\u307e\u3059"},"content":{"rendered":"\n<p>\u6700\u8fd1 <code>ovz1<\/code> \u3068\u3044\u3046\u6587\u5b57\u5217\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u306b\u30a2\u30af\u30bb\u30b9\u3057\u3066\u30de\u30eb\u30a6\u30a7\u30a2\u3092\u30a4\u30f3\u30b9\u30c8\u30fc\u30eb\u3059\u308b\u3068\u3044\u3046\u30b9\u30af\u30ea\u30d7\u30c8\u3092\u3001github\u306bpush\u3059\u308b\u3068\u3044\u3046\u653b\u6483\u304c\u884c\u308f\u308c\u305f\u3088\u3046\u3067\u3059\u3002<\/p>\n\n\n\n<p>\u4eca\u4e00\u5ea6\u624b\u5143\u306e\u30bd\u30fc\u30b9\u30b3\u30fc\u30c9\u306b\u5bfe\u3057\u3066ovz1\u306e\u6587\u5b57\u5217\u3092\u691c\u7d22\u304b\u3051\u305f\u307b\u3046\u304c\u3088\u3055\u305d\u3046\u3002<\/p>\n\n\n\n<p><strong>\u53c2\u8003<\/strong><\/p>\n\n\n\n<p>GitHub supply chain attack cloned thousands of projects to trap unwary<br>https:\/\/thestack.technology\/github-supply-chain-attack-clones\/<br><br><\/p>\n\n\n\n<figure class=\"wp-block-embed is-type-rich is-provider-twitter wp-block-embed-twitter\"><div class=\"wp-block-embed__wrapper\">\n<blockquote class=\"twitter-tweet\" data-width=\"550\" data-dnt=\"true\"><p lang=\"en\" dir=\"ltr\">I am uncovering what seems to be a massive widespread malware attack on <a href=\"https:\/\/twitter.com\/github?ref_src=twsrc%5Etfw\">@github<\/a>.<br><br>&#8211; Currently over 35k repositories are infected<br>&#8211; So far found in projects including: crypto, golang, python, js, bash, docker, k8s<br>&#8211; It is added to npm scripts, docker images and install docs <a href=\"https:\/\/t.co\/rq3CBDw3r9\">pic.twitter.com\/rq3CBDw3r9<\/a><\/p>&mdash; Stephen Lacy (@stephenlacy) <a href=\"https:\/\/twitter.com\/stephenlacy\/status\/1554697077430505473?ref_src=twsrc%5Etfw\">August 3, 2022<\/a><\/blockquote><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script>\n<\/div><\/figure>\n","protected":false},"excerpt":{"rendered":"<p>\u6700\u8fd1 ovz1 \u3068\u3044\u3046\u6587\u5b57\u5217\u304c\u542b\u307e\u308c\u3066\u3044\u308b\u30c9\u30e1\u30a4\u30f3\u306b\u30a2\u30af\u30bb\u30b9 &#8230;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[32],"tags":[],"_links":{"self":[{"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/posts\/386"}],"collection":[{"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=386"}],"version-history":[{"count":2,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/posts\/386\/revisions"}],"predecessor-version":[{"id":388,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=\/wp\/v2\/posts\/386\/revisions\/388"}],"wp:attachment":[{"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=386"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=386"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.b64.pw\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=386"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}