Security News

Okta's source code stolen after GitHub repositories hacked
2022-12-21 06:15

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.

Okta says its GitHub account hacked, source code stolen
2022-12-21 06:15

Okta, a leading provider of authentication services and Identity and Access Management solutions, says that its private GitHub source code repositories were hacked this month. According to a 'confidential' email notification sent by Okta and seen by BleepingComputer, the security incident involves threat actors stealing Okta's source code.

GitHub Announces Free Secret Scanning for All Public Repositories
2022-12-16 12:24

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company said, adding it's expected to complete the rollout by the end of January 2023.

GitHub to require all users to enable 2FA by the end of 2023
2022-12-15 20:16

GitHub will require all users who contribute code on the platform to enable two-factor authentication as an additional protection measure on their accounts by the end of 2023. Imposing 2FA as a mandatory measure for all GitHub accounts will make the platform a safer space where users can feel more confident about the quality of the code they download from repositories.

GitHub rolls out free secret scanning for all public repositories
2022-12-15 19:09

GitHub is rolling out support for the free scanning of exposed secrets to all public repositories on its code hosting platform. Secret scanning is a security option that organizations can enable for additional repository scanning to detect accidental exposure of known types of secrets.

Researchers Uncover New Drokbk Malware that Uses GitHub as a Dead Drop Resolver
2022-12-09 11:25

The subgroup of an Iranian nation-state group known as Nemesis Kitten has been identified as being behind a previously undocumented custom malware dubbed Drokbk that uses GitHub as a dead drop resolver...

GitHub sets up private vulnerability reports for public repos to avoid 'naming and shaming'
2022-11-14 22:00

GitHub is offering a scheme for security researchers to privately report vulnerabilities found in public repositories. Being able to privately report code flaws is important to researchers who are often left with choices that can lead to more security problems, GitHub said in a blog post.

Microsoft sued for open-source piracy through GitHub Copilot
2022-11-05 14:07

Programmer and lawyer Matthew Butterick has sued Microsoft, GitHub, and OpenAI, alleging that GitHub's Copilot violates the terms of open-source licenses and infringes the rights of programmers. GitHub Copilot, released in June 2022, is an AI-based programming aid that uses OpenAI Codex to generate real-time source code and function recommendations in Visual Studio.

Dropbox Breach: Hackers Unauthorizedly Accessed 130 GitHub Source Code Repositories
2022-11-02 07:10

File hosting service Dropbox on Tuesday disclosed that it was the victim of a phishing campaign that allowed unidentified threat actors to gain unauthorized access to 130 of its source code repositories on GitHub. "These repositories included our own copies of third-party libraries slightly modified for use by Dropbox, internal prototypes, and some tools and configuration files used by the security team," the company revealed in an advisory.

Dropbox admits 130 of its private GitHub repos were copied after phishing attack
2022-11-01 23:52

Dropbox has said it was successfully phished, resulting in someone copying 130 of its private GitHub code repositories and swiping some of its secret API credentials. GitHub let Dropbox know the next day, and the cloud storage outfit investigated.