Tag: github
-
3.1 million malicious fake stars discovered on GitHub, trend rising
in SecurityNews
Tags: github
In a comprehensive study, a US research team came across millions of fake stars on GitHub and warns of a rapidly rising trend. First seen on heise.de Jump to article: www.heise.de/news/3-1-Millionen-boesartige-Fake-Sterne-auf-GitHub-entdeckt-Tendenz-steigend-10223115.html
-
Unmasking Fraudulent Popularity: Study Exposes 4.5 Million Fake Stars on GitHub
in SecurityNews
Tags: github
In a study conducted by researchers from Carnegie Mellon University, North Carolina State University, and Socket, the integrity First seen on securityonline.info Jump to article: securityonline.info/unmasking-fraudulent-popularity-study-exposes-4-5-million-fake-stars-on-github/
-
Fraudulent rating-boosting stars prevalent in GitHub
in SecurityNews
Tags: github
First seen on scworld.com Jump to article: www.scworld.com/brief/fraudulent-rating-boosting-stars-prevalent-in-github
-
Over 3.1 million fake “stars” on GitHub projects used to boost rankings
in SecurityNews
GitHub has a problem with inauthentic “stars” used to artificially inflate the popularity of scam and malware distribution repositories to appear more popular, helping them reach more unsuspecting users. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/over-31-million-fake-stars-on-github-projects-used-to-boost-rankings/
-
NjRat 2.3D Pro Edition Shared on GitHub: A Growing Cybersecurity Concern
in SecurityNews
The recent discovery of the NjRat 2.3D Professional Edition on GitHub has raised alarms in the cybersecurity community. This notorious Remote Access Trojan (RAT), also known as Bladabindi, has long been a tool of choice for cybercriminals due to its extensive capabilities and ease of use. The availability of its latest version on an open-source…
-
PentestGPT: A ChatGPT Powered Automated Penetration Testing Tool
in SecurityNews
GBHackers come across a new ChatGPT-powered Penetration testing Tool called >>PentestGPT>GreyDGL,
-
SECURITY AFFAIRS MALWARE NEWSLETTER ROUND 25
in SecurityNews
Security Affairs Malware newsletter includes a collection of the best articles and research on malware in the international landscape. Vishing via Microsoft Teams Facilitates DarkGate Malware Intrusion; Spyware distributed through Amazon Appstore; BADBOX Botnet Is Back; Supply Chain Attack on Rspack npm Packages Injects Cryptojacking Malware; 4.5 Million (Suspected) Fake Stars in GitHub: A Growing…
-
DEF CON 32: Grand Theft Actions Abusing Self Hosted GitHub Runners
in SecurityNews
Authors/Presenters: Adnan Khan, John Stawinski. Our sincere appreciation to DEF CON, and the Authors/Presenters for publishing their erudite DEF CON 32 content. Originating from the conference’s events located at the Las Vegas Convention Center; and via the organization’s YouTube channel. First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/12/def-con-32-grand-theft-actions-abusing-self-hosted-github-runners/
-
The 10 best API tools
in SecurityNews
Tags: ai, api, application-security, cloud, computing, credentials, cyberattack, data, ddos, docker, github, hacker, hacking, infrastructure, injection, mobile, open-source, programming, risk, service, software, sql, tool, vulnerability, waf
APIs allow different software components and resources to interact with each other. Application programming interfaces (APIs) have become an important part of networks, programs, applications, devices and almost every other area of the computing landscape. This is especially true of cloud computing and mobile computing. Neither could exist in its current form if…
-
GitHub launches a free version of its Copilot
in SecurityNews
Tags: github
First seen on thesecurityblogger.com Jump to article: www.thesecurityblogger.com/github-launches-a-free-version-of-its-copilot/
-
Hackers Exploit Linux eBPF Tech to Host Malware on GitHub and Blogs
in SecurityNews
KEY SUMMARY POINTS Cybersecurity researchers Dr. Web have uncovered a new and active Linux malware campaign aimed at… First seen on hackread.com Jump to article: hackread.com/hackers-exploit-linux-ebpf-tech-malware-github-blogs/
-
390,000 WordPress credentials compromised via phishing, GitHub repos
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/news/390000-wordpress-credentials-compromised-via-phishing-github-repos
-
Hackers Use Fake PoCs on GitHub to Steal WordPress Credentials, AWS Keys
in SecurityNews
SUMMARY Datadog Security Labs’ cybersecurity researchers have discovered a new, malicious year-long campaign from a threat actor identified… First seen on hackread.com Jump to article: hackread.com/hackers-fake-pocs-github-wordpress-credentials-aws-keys/
-
Hackers Hack Hackers: MUT-1244 Steals Credentials in Deceptive GitHub Attack
in SecurityNews
According to Datadog Security Labs, a cybercriminal group known as MUT-1244 has launched a sophisticated attack campaign that successfully compromised not only regular users but also other hackers and security... First seen on securityonline.info Jump to article: securityonline.info/hackers-hack-hackers-mut-1244-steals-credentials-in-deceptive-github-attack/
-
390,000+ WordPress Credentials Stolen via Malicious GitHub Repository Hosting PoC Exploits
in SecurityNews
A now-removed GitHub repository that advertised a WordPress tool to publish posts to the online content management system (CMS) is estimated to have enabled the exfiltration of over 390,000 credentials. The malicious activity is part of a broader attack campaign undertaken by a threat actor, dubbed MUT-1244 (where MUT refers to “mysterious unattributed threat”) by Datadog…
-
Ultralytics Supply-Chain Attack
in SecurityNews
Last week, we saw a supply-chain attack against the Ultralytics AI library on GitHub. A quick summary: On December 4, a malicious version 8.3.41 of the popular AI library ultralytics, which has almost 60 million downloads, was published to the Python Package Index (PyPI) package repository. The package contained downloader code that was downloading…
-
Black Hat Europe preview: Cryptographic protocol attacks and AI in the spotlight
in SecurityNews
Tags: access, ai, application-security, attack, authentication, backdoor, best-practice, computer, conference, control, cybercrime, cybersecurity, data, dns, encryption, exploit, finance, github, government, hacker, healthcare, identity, injection, Internet, LLM, malicious, microsoft, mitigation, office, open-source, radius, RedTeam, risk, service, sophos, technology, tool, training, vulnerability, vulnerability-management, windows
This week in London Black Hat Europe will feature a diverse range of talks and presentations covering the latest developments in cybersecurity. The opening keynote on Wednesday will be delivered by Frédérick Douzet, a professor of geopolitics at the University of Paris 8, and director of the French Institute of Geopolitics research team. No preview is…
-
Compromised AI Library Delivers Cryptocurrency Miner via PyPI
The compromised ultralytics AI library delivered XMRig miner via GitHub Actions exploit First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/ai-library-delivers-cryptocurrency/
-
Supply chain compromise of Ultralytics AI library results in trojanized versions
in SecurityNews
Attackers have compromised Ultralytics YOLO packages published on PyPI, the official Python package index, by compromising the build environment of the popular library for creating custom machine learning models. The malicious code deployed cryptocurrency mining malware on systems that installed the package, but the attackers could have delivered any type of malware. According to researchers from…
-
Analyzing Tokenizer Part 2: Omen + Tokenizer
in SecurityNews
“I have not failed. I’ve just found 10,000 ways that won’t work” – Thomas Edison Introduction: This is a continuation of a deep dive into John the Ripper’s new Tokenizer attack. Instruction on how to configure and run the original version of Tokenizer can be found [Here]. As a warning, those instructions need to be updated…
-
Linux Foundation report highlights the true state of open source libraries in production apps
in SecurityNews
There are many metrics to track the prevalence of open source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis…
-
Linux Foundation report highlights the true state of open-source libraries in production apps
in SecurityNews
There are many metrics to track the prevalence of open-source components, such as GitHub stars and downloads, but they don’t paint the full picture of how they’re being used in production codebases. Census III of Free and Open Source Software: Application Libraries leans on more than 12 million data points from software composition analysis (SCA)…
-
GitHub’s boast that Copilot produces high-quality code challenged
in SecurityNews
We’re shocked, shocked that Microsoft’s study of its own tools might not be super-rigorous First seen on theregister.com Jump to article: www.theregister.com/2024/12/03/github_copilot_code_quality_claims/
-
Recovery and backup for GitHub, GitLab and Bitbucket – HYCU enables code without risk of data loss
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/hycu-unterstuetzt-github-gitlab-data-protection-a-ac1b75e41a693e8ee1674848f71193c3/
-
JFrog integrates GitHub and optimizes secure software supply chain management
in SecurityNews
As part of an ongoing initiative, both companies want to draw up a roadmap for continuous improvements to ensure that… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-integriert-github-und-optimiert-sicheres-software-supply-chain-management/a37534/
-
Check Point discovers successful malware network on GitHub
in SecurityNews
GitHub, the world’s largest source code host, is an integral part of more than 100 million developers and offers more than 420 million repositori… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/check-point-entdeckt-erfolgreiches-malware-netzwerk-auf-github/a37903/
-
JFrog and GitHub strengthen collaboration with Copilot Chat and software supply chain protection
in SecurityNews
The integration of JFrog into GitHub enables seamless and secure tracking of code from the source to the resulting binaries… First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-github-staerken-zusammenarbeit-mit-copilot-chat-und-software-supply-chain-schutz/a38345/
-
Stargazers Ghost: 3,000 fake GitHub accounts spread malware
in SecurityNews
The hacker network ‘Stargazers Ghost’ uses the source code host GitHub to spread malware via fake accounts, as security researchers from … First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/stargazers-ghost-3-000-falsche-github-accounts-verbreiten-malware