Security News
![PHP's Git server hacked to add backdoors to PHP source code](/static/build/img/news/alt/hackers-statistics-small.jpg)
In the latest software supply chain attack, the official PHP Git repository was hacked and the code base tampered with. Yesterday, two malicious commits were pushed to the php-src Git repository maintained by the PHP team on their git.
![PHP's Git Server Hacked to Insert Secret Backdoor to Its Source code](/static/build/img/news/php-s-git-server-hacked-to-insert-secret-backdoor-to-its-source-code.jpg)
In yet another instance of a software supply chain attack, unidentified actors hacked the official Git server of the PHP programming language and pushed unauthorized updates to insert a secret backdoor into its source code. The changes, which were committed as "Fix Typo" in an attempt to slip through undetected as a typographical correction, involved provisions for execution of arbitrary PHP code.
![Researchers hacked Indian govt sites via exposed git and env files](/static/build/img/news/alt/cyberattack-stats-small.jpg)
Researchers have now disclosed more information on how they were able to breach multiple websites of the Indian government. Last month, researchers from the Sakura Samurai hacking group had partially disclosed that they had breached cyber systems of Indian government after finding a large number of critical vulnerabilities.
![Passwords begone: GitHub will ban them next year for authenticating Git operations](/static/build/img/news/alt/IoT-Cybersecurity-Predictions-2-small.jpg)
Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier. As of next August, that requirement will be extended to all Git-related command line interactions, desktop apps that use Git, and software or services that access Git repos on GitHub via password.
![Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)](/static/build/img/news/alt/web-statistics-3-small.jpg)
A critical vulnerability in Git Large File Storage, an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker's malicious repository using a vulnerable Git version control tool, security researcher Dawid Golunski has discovered. Golunski found that Git LFS does not specify a full path to git binary when executing a new git process via a specific exec.
![ProtonMail-run website boasting 'complete guide' to GDPR left credential-baring .git repo exposed online](/static/build/img/news/alt/cost-stats-small.jpg)
An EU-sponsored GDPR advice website run by Proton Technologies had a vulnerability that let anyone clone it and extract a MySQL database username and password. "The irony of an EU-funded website about GDPR having security issues isn't lost on us," mused the security consultancy.
![GDPR Compliance Site Leaks Git Data, Passwords](/static/build/img/news/gdpr-compliance-site-leaks-git-data-passwords.jpg)
The website, GDPR.EU, is an advice site for organizations that are struggling to comply with the General Data Protection Regulation laws that were imposed by the EU in 2018. "However, the irony of an EU-funded web site about GDPR having security issues isn't lost on us."
![How to install and use git-secret](/static/build/img/news/alt/cybersecurity-attacker-small.jpg)
Learn how to gain more security in your git repository with the help of the git-secret tool. If you use Git for much of your development needs, you should know there's a dirty little secret to be found.
![Git your patches here! GitHub offers to brew automatic pull requests loaded with vuln fixes](/static/build/img/news/alt/cybercrime-statistics-small.jpg)
Your repo's dependencies need updating to close a hole? We're way ahead of you, pal. GitHub can now automagically offer security patches for projects' third-party dependencies.…
![Hundreds of Git Repositories Held for Ransom](/static/build/img/news/alt/IoT-Cybersecurity-Predictions-2-small.jpg)
Cybercriminals have been wiping GitHub, GitLab and Bitbucket repositories and asking their owners to pay a ransom to recover the data. The impacted Git service providers believe the attackers have...