Tag: github
-
HPE’s sensitive data exposed in alleged IntelBroker hack
by
in SecurityNewsIntelBroker has struck again. This time, the notorious BreachForums bigwig, which has a long list of high-profile victims, including Europol, Cisco, and GE, has claimed to have breached IT giant Hewlett Packard Enterprise (HPE).The suspected Serbian-origin hacker is offering to sell on BreachForums, sensitive data allegedly stolen from HPE including product source codes and personally…
-
How organizations can secure their AI code
by
in SecurityNews
Tags: ai, application-security, awareness, backdoor, breach, business, chatgpt, ciso, compliance, control, credentials, crime, cybersecurity, data, data-breach, finance, github, healthcare, LLM, malicious, ml, open-source, organized, programming, risk, risk-management, software, startup, strategy, supply-chain, technology, tool, training, vulnerabilityIn 2023, the team at data extraction startup Reworkd was under tight deadlines. Investors pressured them to monetize the platform, and they needed to migrate everything from Next.js to Python/FastAPI. To speed things up, the team decided to turn to ChatGPT to do some of the work. The AI-generated code appeared to function, so they…
-
Bogus LDAPNightmare POC Deploys Infostealer Via Malicious GitHub Repo
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/brief/bogus-ldapnightmare-poc-deploys-infostealer-via-github-repo
-
GitHub CISO on security strategy and collaborating with the open-source community
by
in SecurityNewsIn this Help Net Security, Alexis Wales, CISO at GitHub, discusses how GitHub embeds security into every aspect of its platform to protect millions of developers and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2025/01/13/alexis-wales-github-ciso-security-strategy/
-
Fake LDAPNightmware exploit on GitHub spreads infostealer malware
A deceptive proof-of-concept (PoC) exploit for CVE-2024-49113 (aka “LDAPNightmare”) on GitHub infects users with infostealer malware that exfiltrates sensitive data to an external FTP server. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/fake-ldapnightmware-exploit-on-github-spreads-infostealer-malware/
-
Banshee macOS stealer supports new evasion mechanisms
Experts found a new version of the Banshee macOS information stealer which was enhanced with new evasion mechanisms. Check Point researchers discovered a new version of the Banshee macOS infostealer which is distributed through phishing websites and fake GitHub repositories, often masqueraded as popular software. In August 2024, Russian crooks advertised a macOS malware called…
-
Banshee Stealer Hits macOS Users via Fake GitHub Repositories
by
in SecurityNewsSUMMARY Cybersecurity researchers at Check Point detected a new version of Banshee Stealer in late September 2024, distributed… First seen on hackread.com Jump to article: hackread.com/banshee-stealer-hits-macos-fake-github-repositories/
-
Malware targets Mac users by using Apple’s security tool
by
in SecurityNewsA variant of the Banshee macOS infostealer was seen duping detection systems with new string encryption copied from Apple’s in-house algorithm.A Check Point research, which caught the variant after two months of successful evasion, said threat actors distributed Banshee using phishing websites and fake GitHub repositories, often impersonating popular software like Google Chrome, Telegram, and…
-
APT32 Hacker Group Attacking Cybersecurity Professionals Poisoning GitHub
by
in SecurityNewsThe malicious Southeast Asian APT group known as OceanLotus (APT32) has been implicated in a sophisticated attack that compromises the privacy of cybersecurity professionals. A recent investigation by the ThreatBook Research and Response Team revealed that a popular privilege escalation tool utilized by cybersecurity experts had been backdoored, leading to significant data breaches and identity…
-
Part 15: Function Type Categories
by
in SecurityNewsOn Detection: Tactical to Functional Seven Ways to View API Functions Introduction Welcome back to Part 15 of the On Detection: Tactical to Functional blog series. I wrote this article to serve as a resource for those attempting to create tool graphs to describe the capabilities of the attacker tools or malware samples they encounter.…
-
Gen AI is transforming the cyber threat landscape by democratizing vulnerability hunting
by
in SecurityNews
Tags: ai, api, apt, attack, bug-bounty, business, chatgpt, cloud, computing, conference, credentials, cve, cyber, cybercrime, cyberespionage, cybersecurity, data, defense, detection, email, exploit, finance, firewall, flaw, framework, github, government, group, guide, hacker, hacking, incident response, injection, LLM, malicious, microsoft, open-source, openai, penetration-testing, programming, rce, RedTeam, remote-code-execution, service, skills, software, sql, tactics, threat, tool, training, update, vulnerability, waf, zero-dayGenerative AI has had a significant impact on a wide variety of business processes, optimizing and accelerating workflows and in some cases reducing baselines for expertise.Add vulnerability hunting to that list, as large language models (LLMs) are proving to be valuable tools in assisting hackers, both good and bad, in discovering software vulnerabilities and writing…
-
Honey co-founder’s Pie Adblock called out for copying GPL’d uBlock Origin files
by
in SecurityNews
Tags: githubAnd, magically, a repo appears on GitHub with attribution First seen on theregister.com Jump to article: www.theregister.com/2025/01/04/pie_adblock_ublock_origin_code/
-
New FireScam Android data-theft malware poses as Telegram Premium app
A new Android malware named ‘FireScam’ is being distributed as a premium version of the Telegram app via phishing websites on GitHub that mimick the RuStore, Russia’s app market for mobile devices. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/new-firescam-android-data-theft-malware-poses-as-telegram-premium-app/
-
3,1 Millionen bösartige Fake-Sterne auf GitHub entdeckt Tendenz steigend
by
in SecurityNews
Tags: githubIn einer umfassenden Studie ist ein US-Forschungsteam auf Millionen Fake-Sterne bei GitHub gestoßen und warnt vor einem rasant steigenden Trend. First seen on heise.de Jump to article: www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-entdeckt-Tendenz-steigend-10223115.html
-
Unmasking Fraudulent Popularity: Study Exposes 4.5 Million Fake Stars on GitHub
by
in SecurityNews
Tags: githubIn a study conducted by researchers from Carnegie Mellon University, North Carolina State University, and Socket, the integrity First seen on securityonline.info Jump to article: securityonline.info/unmasking-fraudulent-popularity-study-exposes-4-5-million-fake-stars-on-github/
-
Fraudulent rating-boosting stars prevalent in GitHub
by
in SecurityNews
Tags: githubFirst seen on scworld.com Jump to article: www.scworld.com/brief/fraudulent-rating-boosting-stars-prevalent-in-github
-
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
by
in SecurityNewsGitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/
-
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
by
in SecurityNewsThe recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its extensive capabilities and ease of use. The availability of its latest version on an open-source…
-
PentestGPT A ChatGPT Powered Automated Penetration Testing Tool
by
in SecurityNewsGBHackers come across a new ChatGPT-powered Penetration testing Tool called >>PentestGPT>GreyDGL,
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 25
by
in SecurityNewsSecurity Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion Spyware distributed through Amazon Appstore BADBOX Botnet Is Back Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware 4.5 Million (Suspected) Fake Stars in GitHub: A Growing…
-
DEF CON 32 Grand Theft Actions Abusing Self Hosted GitHub Runners
by
in SecurityNewsAuthors/Presenters: Adnan Khan, John Stawinski Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organizations YouTube channel. Permalink First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/def-con-32-grand-theft-actions-abusing-self-hosted-github-runners/
-
Die 10 besten APITools
by
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, wafMithilfe von APIs können verschiedene Software-Komponenten und -Ressourcen miteinander interagieren. Foto: eamesBot shutterstock.comAnwendungsprogrammierschnittstellen (Application Programming Interfaces, APIs) sind zu einem wichtigen Bestandteil von Netzwerken, Programmen, Anwendungen, Geräten und fast allen anderen Bereichen der Computerlandschaft geworden. Dies gilt insbesondere für das Cloud Computing und das Mobile Computing. Beides könnte in der derzeitigen Form nicht existieren, wenn…
-
GitHub launches a free version of its Copilot
by
in SecurityNews
Tags: githubFirst seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/github-launches-a-free-version-of-its-copilot/
-
Hackers Exploit Linux eBPF Tech to Host Malware on GitHub and Blogs
by
in SecurityNewsKEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-linux-ebpf-tech-malware-github-blogs/
-
390,000 WordPress credentials compromised via phishing, GitHub repos
by
in SecurityNewsFirst seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos