Tag: github
-
Supply chain attack abuses GitHub features to spread malware
by
in SecurityNewsCheckmarx warned developers to be cautious when choosing which repositories to use, as attackers are manipulating GitHub features to boost malicious c… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366580379/Supply-chain-attack-abuses-GitHub-features-to-spread-malware
-
Cyber crooks poison GitHub search to fool developers
by
in SecurityNewsResearchers share data on new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to … First seen on computerweekly.com Jump to article: www.computerweekly.com/news/366580472/Cyber-crooks-poison-GitHub-search-to-fool-developers
-
Schwachstelle beim Upload in GitHub identifiziert – GitHub ermöglicht Upload von Schadsoftware
by
in SecurityNewsFirst seen on security-insider.de Jump to article: www.security-insider.de/github-kommentar-malware-luecke-gefaehrliche-dateien-hochgeladen-a-a6d3c917a78a0b857016aaa63199866a/
-
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/threat-intelligence/hackers-create-legit-phishing-links-with-ghost-github-gitlab-comments
-
GitHub Actions-hosted runners tie in Azure private networks
Private network support is also planned for AWS and Google Cloud Platform, but industry watchers see a power play for Microsoft Azure in GitHub Action… First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366577823/GitHub-Actions-hosted-runners-tie-in-Azure-private-networks
-
Microsoft Releases New-Open Source Tool for OT Security
by
in SecurityNewsICSpector Is Now on GitHub, Scans PLCs, Extracts Info and Detects Malicious Code. Microsoft has released a new open-source security tool to close gaps… First seen on govinfosecurity.com Jump to article: www.govinfosecurity.com/microsoft-releases-new-open-source-tool-for-ot-security-a-24961
-
Microsoft dusts off ancient MS-DOS 4.0 code for release on GitHub
by
in SecurityNewsFirst seen on theregister.com Jump to article: www.theregister.com/2024/04/26/ms_dos_4_open_source/
-
GitHub Comments Abused to Spread Malware in Fake Microsoft Repositories
by
in SecurityNewsFirst seen on hackread.com Jump to article: www.hackread.com/github-comment-malware-fake-microsoft-repositories/
-
Abusing GitHub flaw could compromise GitLab
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/abusing-github-flaw-could-compromise-gitlab
-
Top.gg supply chain attack highlights subtle risks
by
in SecurityNewsThreat actors used fake Python infrastructure and cookie-stealing to poison multiple GitHub code repositories, putting another spotlight on supply cha… First seen on techtarget.com Jump to article: www.techtarget.com/searchsecurity/news/366575534/Topgg-supply-chain-attack-highlights-subtle-risks
-
GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/gitlab-affected-by-github-style-cdn-flaw-allowing-malware-hosting/
-
GitHub comments abused to push malware via Microsoft repo URLs
A GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with a Microsoft repository… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/github-comments-abused-to-push-malware-via-microsoft-repo-urls/
-
Story 1: Removing super-admin tokens across 33 GitHub tenants in 2 hours
by
in SecurityNewsJoin Astrix customers as they lead the non-human identity security frontier in this series The Astrix stories: Real customer wins. From building an au… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/04/story-1-removing-super-admin-tokens-across-33-github-tenants-in-2-hours/
-
Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware
by
in SecurityNewsThreat actors are now taking advantage of GitHub’s search functionality to trick unsuspecting users looking for popular repositories into downloading … First seen on thehackernews.com Jump to article: thehackernews.com/2024/04/beware-githubs-fake-popularity-scam.html
-
Crooks manipulate GitHub’s search results to distribute malware
by
in SecurityNewsResearchers warn threat actors are manipulating GitHub search results to target developers with persistent malware. Checkmarx researchers reported tha… First seen on securityaffairs.com Jump to article: securityaffairs.com/161792/cyber-crime/githubs-search-results-distribute-malware.html
-
Threat Actors Manipulate GitHub Search to Deliver Malware
Checkmarx warns of a new attack relying on GitHub search manipulation to deliver malicious code. The post x warns of a new attack relying on GitHub se… First seen on securityweek.com Jump to article: www.securityweek.com/threat-actors-manipulate-github-search-to-deliver-malware/
-
GitHub search exploited for malware distribution
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/github-search-exploited-for-malware-distribution
-
Hackers Manipulate GitHub Search To Deliver Clipboard-Hijacking Malware
by
in SecurityNewsIn a sophisticated cyberattack campaign uncovered on April 10, 2024, cybercriminals are exploiting GitHub’s search functionality to distribute a parti… First seen on gbhackers.com Jump to article: gbhackers.com/manipulate-github-search-to-deliver-malware/
-
Malicious Visual Studio projects on GitHub push Keyzetsu malware
by
in SecurityNewsThreat actors are abusing GitHub automation features and malicious Visual Studio projects to push a new variant of the Keyzetsu clipboard-hijacking ma… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/malicious-visual-studio-projects-on-github-push-keyzetsu-malware/
-
Acuity confirms hackers stole non-sensitive govt data from GitHub repos
by
in SecurityNewsAcuity, a federal contractor that works with U.S. government agencies, has confirmed that hackers breached its GitHub repositories and stole documents… First seen on bleepingcomputer.com Jump to article: www.bleepingcomputer.com/news/security/acuity-confirms-hackers-stole-non-sensitive-govt-data-from-github-repos/
-
Hackers Hijack GitHub Accounts in Supply Chain Attack Affecting Top-gg and Others
by
in SecurityNewsUnidentified adversaries orchestrated a sophisticated attack campaign that has impacted several individual developers as well as the GitHub organizati… First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-hijack-github-accounts-in.html
-
Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer
by
in SecurityNewsCybersecurity researchers have found a number of GitHub repositories offering cracked software that are used to deliver an information stealer called … First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/hackers-using-cracked-software-on.html
-
GitHub Launches AI-Powered Autofix Tool to Assist Devs in Patching Security Flaws
GitHub on Wednesday announced that it’s making available a feature called code scanning autofix in public beta for all;Advanced Security customers;to … First seen on thehackernews.com Jump to article: thehackernews.com/2024/03/github-launches-ai-powered-autofix-tool.html
-
GitHub Developers Hit in Complex Supply Chain Cyberattack
by
in SecurityNewsFirst seen on darkreading.com Jump to article: www.darkreading.com/application-security/github-developers-hit-in-complex-supply-chain-cyberattack
-
170K+ Python Developers GitHub Accounts Hacked in Supply Chain Attack
by
in SecurityNewsOver 170,000 users have fallen victim to a meticulously orchestrated scheme exploiting the Python software supply chain. The Checkmarx Research team h… First seen on gbhackers.com Jump to article: gbhackers.com/170k-user-accounts-hacked/
-
Complex Supply Chain Attack Targets GitHub Developers
by
in SecurityNewsUnidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform,… First seen on securityboulevard.com Jump to article: securityboulevard.com/2024/03/complex-supply-chain-attack-targets-github-developers/
-
New Nvidia, GitHub AI coding assistants expand devs’ options
by
in SecurityNewsGitHub Copilot Enterprise and StarCoder2 LLMs, both released this week, will add to an array of AI coding assistants, but caution, especially with sec… First seen on techtarget.com Jump to article: www.techtarget.com/searchsoftwarequality/news/366571641/New-Nvidia-GitHub-AI-coding-assistants-expand-devs-options
-
Hackers Deploy STRRAT VCURMS Malware on Windows Via GitHub
A new phishing campaign targets users with emails containing a button to >>verify payment information.
-
Automated code vulnerability remediation enabled by new GitHub AI tool
by
in SecurityNewsFirst seen on scmagazine.com Jump to article: www.scmagazine.com/brief/automated-code-vulnerability-remediation-enabled-by-new-github-ai-tool
-
KI fixt Schwachstellen automatisch: GitHub startet Code Scanning Autofix
by
in SecurityNewsKunden von GitHub Advanced Security erhalten automatische Vorschläge zum Beheben von Schwachstellen. Grundlage sind Copilot und die Analyse-Engine Cod… First seen on heise.de Jump to article: www.heise.de/news/Mit-KI-gegen-Schwachstellen-im-Sourcecode-GitHub-startet-Code-Scanning-Autofix-9661229.html