Tag: github
-
JFrog and GitHub Strengthen Collaboration with Copilot Chat and Software Supply Chain Protection
in SecurityNews
The integration of JFrog into GitHub enables seamless and secure tracking of code from the source to the resulting binaries … First seen on infopoint-security.de Jump to article: www.infopoint-security.de/jfrog-und-github-staerken-zusammenarbeit-mit-copilot-chat-und-software-supply-chain-schutz/a38345/
-
Stargazers Ghost: 3,000 Fake GitHub Accounts Spread Malware
in SecurityNews
The hacker network ‘Stargazers Ghost’ uses the source code host GitHub to spread malware via fake accounts, as security researchers from … First seen on 8com.de Jump to article: www.8com.de/cyber-security-blog/stargazers-ghost-3-000-falsche-github-accounts-verbreiten-malware
-
YouShallNotPass! Hardening CI/CD pipelines on mission critical environments
in SecurityNews
Kudelski Security has developed an open-source solution named YouShallNotPass (YSNP) to enhance the security of GitLab and GitHub pipelines. YSNP vali… First seen on research.kudelskisecurity.com Jump to article: research.kudelskisecurity.com/2023/11/01/youshallnotpass-hardening-ci-cd-pipelines-on-mission-critical-environments/
-
Popular game script spoofed to infect thousands of game developers
in SecurityNews
A malware loader, now named GodLoader, has been observed using Godot, a free and open-source game engine, as its runtime to execute malicious code and has dropped known malware on at least 17,000 machines. Unaware users of the engine, which helps create 2D and 3D games and deploy them across various platforms including Windows,…
-
GitHub Secure Open Source Fund: Project maintainers, apply now!
in SecurityNews
GitHub is calling on maintainers of open source projects to apply for the newly opened Secure Open Source Fund, to get funding and knowledge to improve the security and … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/20/open-source-security-funding/
-
GitHub Launches Fund to Improve Open Source Project Security
in SecurityNews
GitHub has launched a $1.25 million fund to be invested in improving the security of 125 open source projects. First seen on securityweek.com Jump to article: www.securityweek.com/github-launches-fund-to-improve-open-source-project-security/
-
GitHub launches $1.25M open source fund with a focus on security
in SecurityNews
The open source funding problem is very real, but a slew of initiatives have emerged of late, with startups, corporations, and venture capitalists launching various programs to support some of the most critical projects via equity-free financing. Today it’s GitHub’s turn, launching the GitHub Secure Open Source Fund with an initial commitment of $1.25 million…
-
Unraveling Raspberry Robin’s Layers: Analyzing Obfuscation Techniques and Core Mechanisms
in SecurityNews
Introduction: Discovered in 2021, Raspberry Robin (also known as Roshtyak) is a malicious downloader that has circulated in the wild for several years, primarily spreading through infected USB devices. Although USB devices are a common and unremarkable tactic for spreading malware, Raspberry Robin stands out due to its unique binary-obfuscation techniques, extensive use of anti-analysis methods,…
-
The Problem of Permissions and Non-Human Identities – Why Remediating Credentials Takes Longer Than You Think
in SecurityNews
According to research from GitGuardian and CyberArk, 79% of IT decision-makers reported having experienced a secrets leak, up from 75% in the previous year’s report. At the same time, the number of leaked credentials has never been higher, with over 12.7 million hardcoded credentials in public GitHub repositories alone. One of the more troubling aspects…
-
GitHub projects targeted with malicious commits to frame researcher
GitHub projects have been targeted with malicious commits and pull requests, in an attempt to inject backdoors into these projects. Most recently, the GitHub repository of Exo Labs, an AI and machine learning startup, was targeted in the attack, which has left many wondering about the attacker’s true intentions. First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-projects-targeted-with-malicious-commits-to-frame-researcher/
-
Breach Roundup: Researchers Showcase ‘FortiJumpHigher’
in SecurityNews
Also: Honeypot ‘Jinn Ransomware,’ Patch Tuesday and At Risk Sectors. This week, researchers say Fortinet didn’t fully patch FortiJump, Jinn Ransomware was a set up, Microsoft Patch Tuesday and a Moody’s warning over at-risk sectors. Also, a debt servicing firm breach, a DemandScience breach and a malicious tool targeting GitHub users. First seen on govinfosecurity.com…
-
Blinded by Silence
in SecurityNews
Tags: access, antivirus, attack, backdoor, breach, control, credentials, crowdstrike, cybersecurity, data, defense, detection, edr, endpoint, exploit, extortion, firewall, github, malicious, malware, microsoft, mitre, monitoring, network, open-source, phone, ransomware, risk, service, siem, sophos, threat, tool, update, vulnerability, windows
Blinded by Silence: How Attackers Disable EDR. Overview: Endpoint Detection and Response systems (EDRs) are an essential part of modern cybersecurity strategies. EDR solutions gather and analyze data from endpoints to identify suspicious activities and provide real-time threat visibility. This allows security teams to respond quickly to incidents, investigate threats thoroughly, and mitigate the impact of…
-
Feds Warn of Godzilla Webshell Threats to Health Sector
in SecurityNews
Stealthy Backdoor Publicly Available on GitHub Can Be Weaponized for Larger Attacks. Godzilla webshell, a Chinese-language backdoor known for its stealth and ability to execute commands and manipulate files, is now publicly available on GitHub, and federal authorities have issued a stern warning to the healthcare sector to prepare for this threat and inevitable cyberattacks.…
-
GitHub developer compromise sought by novel GoIssue phishing tool
in SecurityNews
First seen on scworld.com Jump to article: www.scworld.com/brief/github-developer-compromise-sought-by-novel-goissue-phishing-tool
-
GoIssue phishing tool targets GitHub developer credentials
in SecurityNews
Researchers discovered GoIssue, a new phishing tool targeting GitHub users, designed to extract email addresses from public profiles and launch mass email attacks. Marketed on … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/13/goissue-phishing-tool-targets-github-developer-credentials/
-
‘GoIssue’ Cybercrime Tool Targets GitHub Developers En Masse
in SecurityNews
Marketed on a cybercriminal forum, the $700 tool harvests email addresses from public GitHub profiles, priming cyberattackers for further credential theft, malware delivery, OAuth subversion, supply chain attacks, and other corporate breaches. First seen on darkreading.com Jump to article: www.darkreading.com/cloud-security/goissue-cybercrime-tool-github-developers-en-masse
-
Phishing Tool GoIssue Targets Developers on GitHub
in SecurityNews
New phishing tool GoIssue targets GitHub, enabling mass phishing, and has been linked to the GitLoker extortion campaign. First seen on infosecurity-magazine.com Jump to article: www.infosecurity-magazine.com/news/phishing-goissue-targets-github/
-
New GoIssue Tool Targets GitHub Devs And Corporate Supply Chains
in SecurityNews
First seen on packetstormsecurity.com Jump to article: packetstormsecurity.com/news/view/36585/New-GoIssue-Tool-Targets-GitHub-Devs-And-Corporate-Supply-Chains.html
-
New Phishing Tool GoIssue Targets GitHub Developers in Bulk Email Campaigns
in SecurityNews
Cybersecurity researchers are calling attention to a new sophisticated tool called GoIssue that can be used to send phishing messages at scale targeting GitHub users. The program, first marketed by a threat actor named cyberdluffy (aka Cyber D’ Luffy) on the Runion forum earlier this August, is advertised as a tool that allows criminal actors to…
-
New GitLoker-Linked GoIssue Tool Targets GitHub Users for Phishing
in SecurityNews
SlashNext researchers have discovered a new, sophisticated phishing tool GoIssue targeting GitHub developers. Learn about its capabilities, the… First seen on hackread.com Jump to article: hackread.com/gitloker-goissue-tool-targets-github-phishing-users/
-
GitLoker Strikes Again: New “Goissue” Tool Targets GitHub Developers and Corporate Supply Chains
in SecurityNews
GoIssue is a new tool for cybercriminals that allows attackers to extract email addresses from GitHub profiles and send bulk emails to users.
-
Python dethrones JavaScript as the most-used language on GitHub
in SecurityNews
Tags: github
First seen on theregister.com Jump to article: www.theregister.com/2024/11/05/python_dethrones_javascript_github/
-
Apple’s 45-day certificate proposal: A call to action
in SecurityNews
In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. … First seen on helpnetsecurity.com Jump to article: www.helpnetsecurity.com/2024/11/08/apple-shorter-certificate-lifespans-proposal/
-
How To Create a Complete GitHub Backup
in SecurityNews
First seen on hackread.com Jump to article: hackread.com/how-to-create-a-complete-github-backup/
-
Authentication Vulnerability – Attackers Can Take Over GitHub Enterprise Server
in SecurityNews
First seen on security-insider.de Jump to article: www.security-insider.de/github-enterprise-server-sicherheitsupdates-a-91b557e3d24a4e91a9d135a1b5b1298a/
-
GitHub, Telegram Bots, and ASCII QR Codes Abused in New Wave of Phishing Attacks
A new tax-themed malware campaign targeting insurance and finance sectors has been observed leveraging GitHub links in phishing email messages as a wa… First seen on thehackernews.com Jump to article: thehackernews.com/2024/10/github-telegram-bots-and-qr-codes.html
-
Researchers Debut AI Tool That Helps Detect Zero-Days
in SecurityNews
Vulnerability Tool Detected Flaws in OpenAI and Nvidia APIs Used in GitHub Projects. Security researchers have developed an AI tool that can detect re… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/researchers-debut-ai-tool-that-helps-detect-zero-days-a-26575
-
GitHub patches critical vulnerability in its Enterprise Servers
in SecurityNews
First seen on cyberscoop.com Jump to article: cyberscoop.com/github-enterprise-vulnerability-sso-saml/