Security News

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer. Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer for less than a year.

Reg reader Andy told us: "Got an email from SitePoint this morning saying that they had been hacked and some non-important stuff like names, email addresses, hashed passwords etc might have been stolen. Coincided with a big increase in spam that I've been getting but that's probably coincidence." An email sent to SitePoint users and seen by The Register confirmed the hack, though at the time of writing, the company has not published anything about it on its website or social media accounts.

This month a researcher has disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code. While riding a train, researcher RyotaK discovered a vulnerability in the VS Code's Continuous Integration script that let him break into Microsoft VS Code's official GitHub repository and commit files.

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

A new strand of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script further downloads a legitimate image file from image hosting service Imgur to decode a Cobalt Strike script on Windows systems.

Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two-weeks earlier. As of next August, that requirement will be extended to all Git-related command line interactions, desktop apps that use Git, and software or services that access Git repos on GitHub via password.

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "Their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on." Using the exposed account name and password, he was able to upload a file to prove the system was insecure, he said he wrote in his report to SolarWinds, adding that a hacker could use the credentials to upload a malicious executable and add it to a SolarWinds update.

Datadog announced the Datadog Vulnerability Analysis GitHub Action, Datadog's first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow.

Developers often need years to address some of the vulnerabilities introduced in their software, a new GitHub report reveals. The report, which is based on the analysis of more than 45,000 active repositories, shows that it typically takes 7 years to address vulnerabilities in Ruby, while those in npm are usually patched in five years.

Today, GitHub shared more info regarding why YouTube-dl was kicked off the platform and about why GitHub handled this situation the way it did. "Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot," GitHub's Director of Platform Policy Abby Vollmer said.