GitHub
Complex Supply Chain Attack Targets GitHub Developers
Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community that includes more than 170,000 members ...
Security Boulevard
Sentry, GitHub Use AI to Help Fix Coding Errors
Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature ...
Security Boulevard
GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL
Richi Jennings
Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times ...
Security Boulevard
‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub
Richi Jennings
Oh, Lord: My friends all hack Porsches—I must make amends ...
Security Boulevard
Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs
Threat actors are finding new ways to take advantage of GitHub in hopes of tricking developers into putting malicious code into their software and sending it to users downstream, according to researchers with ...
Security Boulevard
NSA Releases EliteWolf GitHub Repository for Securing OT Environments
The National Security Agency released a code repository in GitHub to make it easier for critical infrastructure organizations and similar entities to better identify and detect potentially malicious activities in their operational ...
Security Boulevard
Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security
Lisa Vaas, Senior Content Marketing Manager, Contrast Security
GitHub is the Megalodon of source code hosts, and as such, it sports a gargantuan bulls-eye that flashes neon to hackers looking to poison the software supply chain. ...
GitHub Repositories Victimized Amid Supply Chain Attack
Wajahat Raja
In a digital landscape rife with vulnerabilities, a recent and disconcerting phenomenon has come to light. GitHub repositories, the foundation of numerous software projects, have been victimized by a devious supply chain ...
Beware: WinRAR Vulnerability PoC Exposed
Wajahat Raja
A hacker recently posted a fake proof-of-concept (PoC) exploit for a previously patched WinRAR vulnerability, which is a concerning revelation. The goal of this malevolent operation was to infect unsuspecting downloaders with ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/29
David Lindner, Director, Application Security
Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing ...