Tag: github
-
Clever ‘GitHub Scanner’ campaign abusing repos to push malware
in SecurityNews
A clever threat campaign is abusing GitHub repositories to distribute malware targeting users who frequent an open source project repository or are su… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/clever-github-scanner-campaign-abusing-repos-to-push-malware/
-
Beware Mac Users: Fake AppleCare+ Support Scam Lures Victims via GitHub Repos
in SecurityNews
A new fraudulent campaign targeting Mac users seeking AppleCare+ support or extended warranties has been uncovered by cybersecurity experts at Malware… First seen on securityonline.info Jump to article: securityonline.info/beware-mac-users-fake-applecare-support-scam-lures-victims-via-github-repos/
-
GitHub Copilot Autofix tackles vulnerabilities with AI
in SecurityNews
GitHub says Copilot Autofix drastically reduced the median time to remediate vulnerabilities in beta testing from 90 minutes for manual fixes to 28 mi… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366603045/GitHub-Copilot-Autofix-tackles-vulnerabilities-with-AI
-
GitHub Actions Vulnerable to Typosquatting, Exposing Developers to Hidden Malicious Code
in SecurityNews
Threat actors have long leveraged typosquatting as a means to trick unsuspecting users into visiting malicious websites or downloading booby-trapped s… First seen on thehackernews.com Jump to article: thehackernews.com/2024/09/github-actions-vulnerable-to.html
-
You probably want to patch this critical GitHub Enterprise Server bug now
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/08/21/patch_github_enterprise_bug/
-
GitHub comments abused to push password stealing malware masked as fixes
in SecurityNews
First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-comments-abused-to-push-password-stealing-malware-masked-as-fixes/
-
Attackers Spread Lumma Stealer Malware GitHub Comments
in SecurityNews
Cybercriminals are leveraging platforms like GitHub to spread the Lumma information stealer malware. This sophisticated threat is part of a growing tr… First seen on gbhackers.com Jump to article: gbhackers.com/lumma-stealer-malware-github/
-
GitHub Patches Critical Security Flaw in Enterprise Server Granting Admin Privileges
in SecurityNews
GitHub has released fixes to address a set of three security flaws impacting its Enterprise Server product, including one critical bug that could be a… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/github-patches-critical-security-flaw.html
-
GitHub Copilot Security and Privacy Concerns: Understanding the Risks and Best Practices
in SecurityNews
Worried about GitHub Copilot’s security and privacy concerns? Learn about potential risks and best practices to protect yourself and your organization… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/github-copilot-security-and-privacy-concerns-understanding-the-risks-and-best-practices/
-
Admin attacks possible on GitHub Enterprise Server
in SecurityNews
Tags: github
First seen on heise.de Jump to article: www.heise.de/news/Admin-Attacken-auf-GitHub-Enterprise-Server-moeglich-9843620.html
-
Copilot Autofix by GitHub launches
in SecurityNews
Tags: github
First seen on scmagazine.com Jump to article: www.scmagazine.com/brief/copilot-autofix-by-github-launches
-
There is no real fix to the security issues recently found in GitHub and other similar software
in SecurityNews
The lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-sour… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/
-
Researcher says deleted GitHub data can be accessed ‘forever’
in SecurityNews
Truffle Security researcher John Leon warned GitHub users that deleted repository data is never actually deleted, which creates an enormous attack vec… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366599096/Researcher-says-deleted-GitHub-data-can-be-accessed-forever
-
USENIX Security ’23 ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
in SecurityNews
Authors/Presenters: Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros K… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-argus-a-framework-for-staged-static-taint-analysis-of-github-workflows-and-actions/
-
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
in SecurityNews
A critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unr… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/22/cve-2024-6800/
-
Developers Beware! Fake Job Offers from Legitimate Github Address
A new phishing campaign is targeting developers by exploiting GitHub’s legitimate infrastructure. This sophisticated attack involves fake job offers s… First seen on gbhackers.com Jump to article: gbhackers.com/developers-beware-fake-job-offers/
-
Fixing vulnerabilities in code three times faster
in SecurityNews
First seen on golem.de Jump to article: www.golem.de/news/github-schwachstellen-im-code-dreimal-schneller-beheben-2408-187990.html
-
GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
in SecurityNews
A newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organiz… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html
-
GitHub fixed a new critical flaw in the GitHub Enterprise Server
in SecurityNews
GitHub addressed three vulnerabilities in its GitHub Enterprise Server product, including a critical authentication flaw. GitHub addressed three secur… First seen on securityaffairs.com Jump to article: securityaffairs.com/167387/security/github-enterprise-server-critical-flaw.html
-
GitHub Enterprise Server vulnerable to critical auth bypass flaw
in SecurityNews
A critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-enterprise-server-vulnerable-to-critical-auth-bypass-flaw/
-
Critical Authentication Flaw Haunts GitHub Enterprise Server
in SecurityNews
GitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. The post Critica… First seen on securityweek.com Jump to article: www.securityweek.com/critical-authentication-flaw-haunts-github-enterprise-server/
-
GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of op… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects
-
ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks
in SecurityNews
First seen on hackread.com Jump to article: hackread.com/artipacked-flaw-exposed-github-actions-to-token-leaks/
-
Are Your GitHub Artifacts Leaking Tokens?
in SecurityNews
Tags: github
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36217/Are-Your-GitHub-Artifacts-Leaking-Tokens.html
-
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
in SecurityNews
First seen on theregister.com Jump to article: www.theregister.com/2024/07/26/github_stargazers_goblin_malware/
-
GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories
in SecurityNews
Misconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories. The post … First seen on securityweek.com Jump to article: www.securityweek.com/github-actions-artifacts-leak-tokens-and-expose-cloud-services-and-repositories/
-
GitHub rolls back database change after breaking itself
in SecurityNews
Tags: github
First seen on theregister.com Jump to article: www.theregister.com/2024/08/14/github_rollback/
-
GitHub Actions artifacts found leaking auth tokens in popular projects
in SecurityNews
Multiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/
-
Are your GitHub Action artifacts leaking tokens?
in SecurityNews
Tags: github
First seen on scmagazine.com Jump to article: www.scmagazine.com/news/are-your-github-action-artifacts-leaking-tokens