Security News
GitHub says recent service outages were caused by resource contention issues in their primary database cluster. Since last week, GitHub says that there were four service outages caused by these problems, on March 16th, March 17th, March 22nd, and March 23rd. Today, GitHub explained that these outages were caused by "Resource contention" issues with their primary MySQL cluster called 'MySQL1.
Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data. The inadvertent disclosure involved an auditing data set used for employee training becoming public, on a GitHub repository associated with an inactive former employee's account who was learning data analysis.
Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. On Friday, March 4th, Adafruit announced that a publicly-accessible GitHub repository contained a data set comprising information on some user accounts.
Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. "Together, these four vulnerability types account for many of the recent vulnerabilities in the JavaScript/TypeScript ecosystem, and improving code scanning's ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code."
GitHub was down today, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. The outage started at approximately 2:15 PM EST, with the website responding with HTTP 500 error codes, as shown below.
Microsoft Sentinel now comes with support for continuous GitHub threat monitoring, which helps keep track of potentially malicious events after ingesting GitHub enterprise repository logs. "Today, together with Microsoft Sentinel, you can connect your enterprise-licensed GitHub repository environment to the Microsoft Sentinel workspace and ingest the GitHub audit log - tracking events such as new repository creation or deletion, counting the number of repository clones, and more," Microsoft explained.
The BotenaGo botnet source code has been leaked to GitHub. Uploading of the source code to GitHub "Can potentially lead to a significant rise of new malware variants as malware authors will be able to use the source code and adapt it to their objectives," Alien Labs security researcher Ofer Caspi wrote.
Smartphone payment provider LINE Pay announced yesterday that around 133,000 users' payment details were mistakenly published on GitHub between September and November of this year. Files detailing participants in a LINE Pay promotional program staged between late December 2020 and April 2021 were accidentally uploaded to the collaborative coding crèche by a research group employee.
Two years ago, we wrote about the fact that incautious software developers had uploaded hundreds of thousands of private access control keys, entirely unintentionally, along with source code files that they did intend to make public. Blindly packaging all these files into an archive for uploading to your favourite public repository seems pretty harmless, given that all the files in the lua account are supposed to be public.
Thousands of Firefox cookie databases containing sensitive data are available on request from GitHub repositories, data potentially usable for hijacking authenticated sessions. Aidan Martin, a security engineer at London-based rail travel service Trainline, alerted The Register to the public availability of these files after reporting his findings through HackerOne and being told by a GitHub representative that "Credentials exposed by our users are not in scope for our Bug Bounty program."