The Heroku and Travis-CI credential compromise – Action items for defenders
This weekend, GitHub security announced that they are investigating malicious activity, which appears to indicate that credentials associated with Travis-CI and Heroku GitHub integrations were compromised, and are actively used by threat actors to access private information of GitHub tenants which have installed these integrations. The fact that these applications are very common, combined with...