Security News

GitHub: Attacker breached dozens of orgs using stolen OAuth tokens
2022-04-15 23:09

GitHub revealed today that an attacker is using stolen OAuth user tokens to download data from private repositories. "The applications maintained by these integrators were used by GitHub users, including GitHub itself," Mike Hanley, Chief Security Officer at GitHub, revealed today.

GitHub can now alert of supply-chain bugs in new dependencies
2022-04-08 18:00

GitHub can now block and alert you to pull requests that introduce new dependencies impacted by known supply chain vulnerabilities. "The GitHub Action automates finding and blocking vulnerabilities that are currently only displayed in the rich diff of a pull request," said Courtney Claessens, a Senior Product Manager at GitHub.

GitHub tackles leaks by scanning for secrets in pushed code
2022-04-05 16:00

Code shack GitHub is aiming to help users avoid inadvertent leaks of confidential objects like access tokens by scanning repository content for such secrets before a git push is executed. The secret scanning capability is already a feature of GitHub Advanced Security, which is enabled for all public repositories on GitHub.com and an option for GitHub Enterprise users.

GitHub can now auto-block commits containing API keys, auth tokens
2022-04-04 19:32

GitHub announced on Monday that it expanded its code hosting platform's secrets scanning capabilities for GitHub Advanced Security customers to block secret leaks automatically. Secret scanning is an advanced security option that organizations using GitHub Enterprise Cloud with a GitHub Advanced Security license can enable for additional repository scanning.

GitHub explains the cause behind the past week's outages
2022-03-24 14:55

GitHub says recent service outages were caused by resource contention issues in their primary database cluster. Since last week, GitHub says that there were four service outages caused by these problems, on March 16th, March 17th, March 22nd, and March 23rd. Today, GitHub explained that these outages were caused by "resource contention" issues with their primary MySQL cluster, called 'mysql1'.

Adafruit suffers GitHub data breach – don’t let this happen to you
2022-03-07 19:47

Popular open-source computer hardware company Adafruit Industries accidentally exposed customer data. The inadvertent disclosure involved an auditing data set used for employee training becoming public on a GitHub repository associated with the account of an inactive former employee who was learning data analysis.

Adafruit discloses data leak from ex-employee's GitHub repo
2022-03-06 11:16

Adafruit has disclosed a data leak that occurred due to a publicly-viewable GitHub repository. On Friday, March 4th, Adafruit announced that a publicly-accessible GitHub repository contained a data set comprising information on some user accounts.

GitHub code scanning now finds more security vulnerabilities
2022-02-17 19:47

Code hosting platform GitHub today launched new machine learning-based code scanning analysis features that will automatically discover more common security vulnerabilities before they end up in production. "Together, these four vulnerability types account for many of the recent vulnerabilities in the JavaScript/TypeScript ecosystem, and improving code scanning's ability to detect such vulnerabilities early in the development process is key in helping developers write more secure code."

GitHub outage impacts Actions, Codespaces, Issues, Pull Requests
2022-02-02 19:27

GitHub was down today, affected by a worldwide outage preventing access to the website, issuing commits, cloning projects, or performing pull requests. The outage started at approximately 2:15 PM EST, with the website responding with HTTP 500 error codes, as shown below.