Tag: github
-
There is no real fix to the security issues recently found in GitHub and other similar software
by
in SecurityNewsThe lesson for users, especially if you’re a private company that primarily uses GitHub, is just to understand the inherent dangers of using open-sour… First seen on blog.talosintelligence.com Jump to article: blog.talosintelligence.com/threat-source-newsletter-aug-1-2024/
-
Researcher says deleted GitHub data can be accessed ‘forever’
by
in SecurityNewsTruffle Security researcher John Leon warned GitHub users that deleted repository data is never actually deleted, which creates an enormous attack vec… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366599096/Researcher-says-deleted-GitHub-data-can-be-accessed-forever
-
USENIX Security ’23 ARGUS: A Framework for Staged Static Taint Analysis of GitHub Workflows and Actions
by
in SecurityNewsAuthors/Presenters:Siddharth Muralee, Igibek Koishybayev, Aleksandr Nahapetyan, Greg Tystahl, Brad Reaves, Antonio Bianchi, William Enck, Alexandros K… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/08/usenix-security-23-argus-a-framework-for-staged-static-taint-analysis-of-github-workflows-and-actions/
-
Critical GitHub Enterprise Server auth bypass flaw fixed (CVE-2024-6800)
by
in SecurityNewsA critical vulnerability (CVE-2024-6800) affecting all currently supported versions of GitHub Enterprise Server (GHES) may allow attackers to gain unr… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/22/cve-2024-6800/
-
Developers Beware! Fake Job Offers from Legitimate Github Address
A new phishing campaign is targeting developers by exploiting GitHub’s legitimate infrastructure. This sophisticated attack involves fake job offers s… First seen on gbhackers.com Jump to article: gbhackers.com/developers-beware-fake-job-offers/
-
Schwachstellen im Code dreimal schneller beheben
by
in SecurityNewsFirst seen on golem.de Jump to article: www.golem.de/news/github-schwachstellen-im-code-dreimal-schneller-beheben-2408-187990.html
-
GitHub Vulnerability ‘ArtiPACKED’ Exposes Repositories to Potential Takeover
by
in SecurityNewsA newly discovered attack vector in GitHub Actions artifacts dubbed ArtiPACKED could be exploited to take over repositories and gain access to organiz… First seen on thehackernews.com Jump to article: thehackernews.com/2024/08/github-vulnerability-artipacked-exposes.html
-
GitHub fixed a new critical flaw in the GitHub Enterprise Server
by
in SecurityNewsGitHub addressed three vulnerabilities in its GitHub Enterprise Server product, including a critical authentication flaw. GitHub addressed three secur… First seen on securityaffairs.com Jump to article: securityaffairs.com/167387/security/github-enterprise-server-critical-flaw.html
-
GitHub Enterprise Server vulnerable to critical auth bypass flaw
by
in SecurityNewsA critical vulnerability affecting multiple versions of GitHub Enterprise Server could be exploited to bypass authentication and enable an attacker to… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-enterprise-server-vulnerable-to-critical-auth-bypass-flaw/
-
Critical Authentication Flaw Haunts GitHub Enterprise Server
by
in SecurityNewsGitHub patches a trio of security defects in the GitHub Enterprise Server product and recommends urgent patching for corporate users. The post Critica… First seen on securityweek.com Jump to article: www.securityweek.com/critical-authentication-flaw-haunts-github-enterprise-server/
-
GitHub Attack Vector Cracks Open Google, Microsoft, AWS Projects
Cloud services and thus millions of end users who access them could have been affected by the poisoning of artifacts in the development workflow of op… First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/github-attack-vector-google-microsoft-aws-projects
-
ArtiPACKED Flaw Exposed GitHub Actions to Token Leaks
by
in SecurityNewsFirst seen on hackread.com Jump to article: hackread.com/artipacked-flaw-exposed-github-actions-to-token-leaks/
-
Are Your GitHub Artifacts Leaking Tokens?
by
in SecurityNews
Tags: githubFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36217/Are-Your-GitHub-Artifacts-Leaking-Tokens.html
-
Malware crew Stargazers Goblin used 3,000 GitHub accounts to make bank
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/07/26/github_stargazers_goblin_malware/
-
GitHub Actions Artifacts Leak Tokens and Expose Cloud Services and Repositories
by
in SecurityNewsMisconfigurations and security bugs lead to GitHub Actions artifacts exposing tokens for third party cloud services and GitHub repositories. The post … First seen on securityweek.com Jump to article: www.securityweek.com/github-actions-artifacts-leak-tokens-and-expose-cloud-services-and-repositories/
-
GitHub rolls back database change after breaking itself
by
in SecurityNews
Tags: githubFirst seen on theregister.com Jump to article: www.theregister.com/2024/08/14/github_rollback/
-
GitHub Actions artifacts found leaking auth tokens in popular projects
by
in SecurityNewsMultiple high-profile open-source projects, including those from Google, Microsoft, AWS, and Red Hat, were found to leak GitHub authentication tokens … First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-actions-artifacts-found-leaking-auth-tokens-in-popular-projects/
-
Are your GitHub Action artifacts leaking tokens?
by
in SecurityNews
Tags: githubFirst seen on scmagazine.com Jump to article: www.scmagazine.com/news/are-your-github-action-artifacts-leaking-tokens
-
FYI: Data from deleted GitHub repos may not actually be deleted
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/07/25/data_from_deleted_github_repos/
-
GitHub Makes Copilot Autofix Generally Available
by
in SecurityNewsGitHub has made AI-powered Copilot Autofix generally available to help developers fix code vulnerabilities faster. The post GitHub Makes Copilot Autof… First seen on securityweek.com Jump to article: www.securityweek.com/github-makes-copilot-autofix-generally-available/
-
35% of exposed API keys still active, posing major security risks
by
in SecurityNewsNightfall AI’s research revealed that secrets like passwords and API keys were most often found in GitHub, with nearly 350 total secrets exposed per 1… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/13/api-keys-secrets/
-
Fake Google Authenticator Used To Deliver Malware On GitHub
by
in SecurityNewsFirst seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36173/Fake-Google-Authenticator-Used-To-Deliver-Malware-On-GitHub.html
-
A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub
by
in SecurityNewsCybersecurity researchers have spotted a 3,000-account network on GitHub that is manipulating the platform and spreading ransomware and info stealers…. First seen on wired.com Jump to article: www.wired.com/story/github-malware-spreading-network-stargazer-goblin/
-
Check Point entdeckt Malware-Netzwerk auf GitHub und YouTube – Stargazers Ghost Network verteilt Malware über GitHub
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/entdeckung-stargazers-ghost-network-malware-kampagne-github-a-89cbb9a364b2cf1fad46ce612fd856c3/
-
Number of incidents affecting GitHub, Bitbucket, GitLab, and Jira continues to rise
by
in SecurityNewsOutages, human errors, cyberattacks, data breaches, ransomware, security vulnerabilities, and, as a result, data loss are the reality that DevSecOps t… First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/08/07/github-bitbucket-gitlab-jira-incidents/
-
Malware-Netzwerk auf Github entdeckt
Check Point Software Technologies hat eine ausgeklügelte Hacker-Kampagne entdeckt. Diese als Stargazers-Ghost-Network benannte Operation verteilt Malw… First seen on netzpalaver.de Jump to article: netzpalaver.de/2024/07/29/malware-netzwerk-auf-github-entdeckt/
-
Warum private und gelöschte GitHub-Quellcodes öffentlich einsehbar bleiben und wie ihr euch schützt
by
in SecurityNews
Tags: githubFirst seen on t3n.de Jump to article: t3n.de/news/private-und-geloeschte-github-quellcodes-einsehbar-1637446/
-
‘Stargazer Goblin’ Amasses Rogue GitHub Accounts to Spread Malware
The threat group uses its Stargazers Ghost Network to star, fork, and watch malicious repos to make them seem legitimate, all to distribute a variety … First seen on darkreading.com Jump to article: www.darkreading.com/application-security/stargazer-goblin-amasses-rogue-github-accounts-to-spread-malware
-
3,000 Fake GitHub Accounts Used to Spread Malware in Stargazers Ghost Scheme
by
in SecurityNewsFirst seen on hackread.com Jump to article: hackread.com/fake-github-accounts-spread-malware-stargazers-ghost/
-
GitHub Network Fuels Malware Distribution Operation
Threat Actors Profit from GitHub’s Inauthentic Accounts Network. Hackers apparently stymied by improved network detection of malware are turning to fa… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/github-network-fuels-malware-distribution-operation-a-25877