Tag: github
-
Die 10 besten APITools
by
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, wafMithilfe von APIs können verschiedene Software-Komponenten und -Ressourcen miteinander interagieren. Foto: eamesBot shutterstock.comAnwendungsprogrammierschnittstellen (Application Programming Interfaces, APIs) sind zu einem wichtigen Bestandteil von Netzwerken, Programmen, Anwendungen, Geräten und fast allen anderen Bereichen der Computerlandschaft geworden. Dies gilt insbesondere für das Cloud Computing und das Mobile Computing. Beides könnte in der derzeitigen Form nicht existieren, wenn…
-
GitHub launches a free version of its Copilot
by
in SecurityNews
Tags: githubFirst seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/github-launches-a-free-version-of-its-copilot/
-
Hackers Exploit Linux eBPF Tech to Host Malware on GitHub and Blogs
by
in SecurityNewsKEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-linux-ebpf-tech-malware-github-blogs/
-
390,000 WordPress credentials compromised via phishing, GitHub repos
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
by
in SecurityNewsSUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
Hackers Hack Hackers: MUT-1244 Steals Credentials in Deceptive GitHub Attack
by
in SecurityNewsAccording to Datadog Security Labs, a cybercriminal group known as MUT-1244 has launched a sophisticated attack campaign that successfully compromised not only regular users but also other hackers and security... First seen on securityonline.info Jump to article: securityonline.info/hackers-hack-hackers-mut-1244-steals-credentials-in-deceptive-github-attack/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
by
in SecurityNewsA now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials.The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
Ultralytics Supply-Chain Attack
by
in SecurityNewsLast week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics ”, which has almost 60 million downloads”, was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
by
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windowsThis week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity.The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Compromised AI Library Delivers Cryptocurrency Miner via PyPI
The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-library-delivers-cryptocurrency/
-
Supply chain compromise of Ultralytics AI library results in trojanized versions
by
in SecurityNewsAttackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware.According to researchers from…
-
Analyzing Tokenizer Part 2: Omen + Tokenizer
by
in SecurityNews“I have not failed. I’ve just found 10,000 ways that won’t work” – Thomas Edison Introduction: This is a continuation of a deep dive into John the Ripper’s new Tokenizer attack. Instruction on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to be updated…
-
Linux Foundation report highlights the true state of open source libraries in production apps
by
in SecurityNewsThere are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis…
-
Linux Foundation report highlights the true state of open-source libraries in production apps
by
in SecurityNewsThere are many metrics to track the prevalence of open-source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis (SCA)…
-
GitHub’s boast that Copilot produces high-quality code challenged
by
in SecurityNewsWe’re shocked shocked that Microsoft’s study of its own tools might not be super-rigorous First seen on theregister.com Jump to article: www.theregister.com/2024/12/03/github_copilot_code_quality_claims/
-
Wiederherstellung und Backup für GitHub, GitLab und Bitbucket – HYCU ermöglicht Code ohne Datenverlustrisiko
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/hycu-unterstuetzt-github-gitlab-data-protection-a-ac1b75e41a693e8ee1674848f71193c3/
-
JFrog integriert GitHub und optimiert sicheres Software Supply Chain Management
by
in SecurityNewsIm Rahmen einer fortlaufenden Initiative wollen beide Unternehmen eine Roadmap für kontinuierliche Verbesserungen aufstellen, um sicherzustellen, dass… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-integriert-github-und-optimiert-sicheres-software-supply-chain-management/a37534/
-
Check Point entdeckt erfolgreiches Malware-Netzwerk auf GitHub
by
in SecurityNewsGitHub, der weltweit größte Quellcode-Host, ist integraler Bestandteil von über 100 Millionen Entwicklern und bietet mehr als 420 Millionen Repositori… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-erfolgreiches-malware-netzwerk-auf-github/a37903/
-
JFrog und GitHub stärken Zusammenarbeit mit Copilot-Chat und Software-Supply-Chain-Schutz
by
in SecurityNewsDie Integration von JFrog in GitHub ermöglicht eine nahtlose und sichere Verfolgung des Codes von der Quelle bis zu den resultierenden Binärdateien au… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-github-staerken-zusammenarbeit-mit-copilot-chat-und-software-supply-chain-schutz/a38345/
-
Stargazers Ghost: 3.000 falsche GitHub Accounts verbreiten Malware
by
in SecurityNewsDas Hacker-Netzwerk ‘Stargazers Ghost nutzt den Quellcode-Host GitHub, um über gefälschte Accounts Malware zu verbreiten, wie Sicherheitsforscher von … First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/stargazers-ghost-3-000-falsche-github-accounts-verbreiten-malware
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
by
in SecurityNewsKudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
Popular game script spoofed to infect thousands of game developers
by
in SecurityNewsA malware loader, now named GodLoader, has been observed to be using Godot, a free and open-source game engine, as its runtime to execute malicious codes and has dropped known malware on at least 17,000 machines.Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
GitHub Secure Open Source Fund: Project maintainers, apply now!
by
in SecurityNewsGitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/open-source-security-funding/
-
GitHub Launches Fund to Improve Open Source Project Security
by
in SecurityNewsGitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. The post GitHub Launches Fund to Improve Open Source Project Security appeared first on SecurityWeek. First seen on securityweek.com Jump to article: www.securityweek.com/github-launches-fund-to-improve-open-source-project-security/
-
GitHub launches $1.25M open source fund with a focus on security
by
in SecurityNewsThe open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
by
in SecurityNewsIntroductionDiscovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think
by
in SecurityNewsAccording to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year’s report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects…
-
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
-
Breach Roundup: Reserachers Showcase ‘FortiJumpHigher’
by
in SecurityNewsAlso: Honeypot ‘Jinn Ransomware,’ Patch Tuesday and At Risk Sectors. This week, Researchers say Fortinet didn’t fully patch FortiJump, Jinn Ransomware was a set up, Microsoft Patch Tuesday and a Moody’s warning over at-risk sectors. Also, a debt servicing firm breach, a DemandScience breach and a malicious tool targetint GitHub users. First seen on govinfosecurity.com…