| ▲ | moh_quz 15 hours ago | |
Really appreciate the transparency here. Post-mortems like this are vital for the industry. I'm curious was the exfiltration traffic distinguishable from normal developer traffic? We've been looking into stricter egress filtering for our dev environments, but it's always a battle between security and breaking npm install | ||
| ▲ | robinhoodexe 11 hours ago | parent [-] | |
Wouldn’t the IP allowlist feature on the GitHub organisation work wonders for this kind of attack? | ||