Security News

Details Disclosed for GitHub Pages Flaws That Earned Researchers $35,000
2021-04-07 13:26

A researcher has disclosed the details of a series of vulnerabilities that could have been exploited by an attacker to access an organization's private pages on GitHub. GitHub Pages is a service that individuals and organizations can use to host websites.

GitHub Actions being actively abused to mine cryptocurrency on GitHub servers
2021-04-03 09:49

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. This week, according to Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.

Automated attack abuses GitHub Actions to mine cryptocurrency
2021-04-03 09:49

GitHub Actions is currently being abused by attackers to mine cryptocurrency on GitHub's servers in an automated attack. This week, according to Dutch security engineer Justin Perdok, attackers have targeted GitHub repositories that use GitHub Actions to mine cryptocurrency.

GitHub Arctic Vault likely contains leaked MedData patient records
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of film were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

GitHub Arctic Vault likely has leaked MedData patient records
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of film were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

GitHub Arctic Vault captures leaked patient medical data for 1,000 years
2021-04-02 08:26

GitHub Arctic Code Vault has likely captured sensitive patient medical records from multiple healthcare facilities in a data leak attributed to MedData. These rolls of film were then shipped off to the GitHub Arctic Code Vault, situated in a remote coal mine, deep under an Arctic mountain in Svalbard, Norway, which is relatively close to the North Pole.

PHP repository moved to GitHub after malicious code inserted under creator Rasmus Lerdorf's name
2021-03-29 11:46

The main code repository for PHP, which powers nearly 80 per cent of the internet, was breached to add malicious code and is now being moved to GitHub as a precaution. "Yesterday two malicious commits were pushed to the php-src repo from the names of Rasmus Lerdorf and myself. We don't yet know how exactly this happened, but everything points towards a compromise of the git.php.net server," said PHP maintainer Nikita Popov, who works with the PHP team at JetBrains.

Microsoft's GitHub under fire after disappearing proof-of-concept exploit for critical Microsoft Exchange vuln
2021-03-12 00:32

On Wednesday, shortly after security researcher Nguyen Jang posted a proof-of-concept exploit on GitHub that abuses a Microsoft Exchange vulnerability revealed earlier this month, GitHub, which is owned by Microsoft, removed the code, to the alarm of security researchers. The bug, referred to as ProxyLogon, was one of four Microsoft Exchange zero-days that Microsoft patched in an out-of-band release on March 3, 2021.

GitHub Informs Users of 'Potentially Serious' Authentication Bug
2021-03-09 11:58

GitHub on Monday informed users that it had discovered what it described as an "extremely rare, but potentially serious" security bug related to how some authenticated sessions were handled. A second patch was released on March 8, and on the evening of the same day the company decided to invalidate all authenticated sessions to completely eliminate the possibility of exploitation.

GitHub fixes bug causing users to log into other accounts
2021-03-09 09:16

Last night, GitHub automatically logged out many users by invalidating their GitHub.com sessions to protect user accounts against a potentially serious security vulnerability. The anomalous behavior stemmed from a rare race condition vulnerability in which a GitHub user's login session was misrouted to the web browser of another logged-in user, giving the latter an authenticated session cookie for, and access to, the former user's account.