Security News

Gits exposed, kinky app devs spanked, Feds spy on spyware buyers, etc
2018-09-08 09:46

Mac APT unearthed and other infosec bits and bytes summarized just for you Roundup This week brought with it a Supermicro shoring up firmware security, a North Korean hacking charge, and a spying...

Open .Git Directories Leave 390K Websites Vulnerable
2018-09-07 19:01

An exhaustive scan shows hundreds of thousands of websites potentially exposing sensitive data such as database passwords, API keys and so on.

Et tu, Gentoo? Horrible gits meddle with Linux distro's GitHub code
2018-06-28 23:58

If you downloaded anything from project's hub repos, consider it compromised If you have fetched anything from Gentoo's GitHub-hosted repositories today, dump those files – because hackers have...

Git users: Update now to avoid massive remote code execution flaw
2018-05-31 16:09

A newly reported exploit in Git allows attackers to run code on affected machines by using compromised repository files.

Bug In Git Opens Developer Systems Up to Attack
2018-05-30 20:12

A serious vulnerability was patched by developers behind Git that closes the door on a flaw that could lead to arbitrary code execution on a developer's system.

Git vulnerability could lead to an attack of the (repo) clones
2018-05-30 15:39

Best git patching y'all A new version of Git has been emitted to ward off potential arbitrary code execution as a result of merely cloning a malicious repository.…

Remote Code Execution Vulnerability Patched in Git
2018-05-30 12:40

Updates released on Tuesday for the Git version control system patch two security flaws, including a serious vulnerability that can be exploited for remote code execution using specially crafted...

Hackers Can Use Git Repos for Stealthy Attack on Developers (Security Week)
2017-08-04 08:48

Malicious actors can abuse GitHub and other services that host Git repositories for stealthy attacks aimed at software developers, experts showed recently at the Black Hat security conference in...

Torvalds Downplays SHA-1 Threat to Git (Threatpost)
2017-02-28 15:21

The ramifications of the recent SHA-1 collision attack have extended to Git and the Apache Subversion repository, both of which rely on the outdated and vulnerable hashing algorithm.