Security News

GitHub bug caused users to log in to other users' accounts
2021-03-09 09:16

Last night, GitHub automatically logged out many users by invalidating their GitHub.com sessions to protect user accounts against a potentially serious security vulnerability. The anomalous behavior stemmed from a rare race condition in which a GitHub user's login session was misrouted to the web browser of another logged-in user, giving the latter a valid authenticated session cookie for, and thus access to, the former user's account.

GitHub bug briefly gave valid authenticated session cookies to wrong users
2021-03-09 06:45

If you visit GitHub today you'll be asked to authenticate anew because the code collaboration locker has squished a bug that sometimes "Misrouted a user's session to the browser of another authenticated user, giving them the valid and authenticated session cookie for another user." GitHub disclosed the problem today, explaining that it could only happen under "Extremely rare circumstances" and "Occurred in fewer than 0.001% of authenticated sessions on GitHub.com."

GitHub Hires Former Cisco Executive Mike Hanley as Chief Security Officer
2021-02-24 20:34

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer. Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer.

GitHub Hires Mike Hanley as Chief Security Officer
2021-02-24 20:13

Software development platform GitHub announced on Wednesday that it has hired Mike Hanley as its new Chief Security Officer. Hanley joins GitHub from Cisco, where he served as Chief Information Security Officer for less than a year.

SitePoint hacked: Hashed, salted passwords pinched from web dev learning site via GitHub tool pwnage
2021-02-05 19:05

Reg reader Andy told us: "Got an email from SitePoint this morning saying that they had been hacked and some non-important stuff like names, email addresses, hashed passwords etc might have been stolen. Coincided with a big increase in spam that I've been getting but that's probably coincidence." An email sent to SitePoint users and seen by The Register confirmed the hack, though at the time of writing, the company has not published anything about it on its website or social media accounts.

Here's how a researcher broke into Microsoft VS Code's GitHub
2021-01-27 10:05

This month a researcher disclosed how he broke into the official GitHub repository of Microsoft Visual Studio Code. While riding a train, researcher RyotaK discovered a vulnerability in VS Code's continuous integration script that let him break into Microsoft VS Code's official GitHub repository and commit files.

GitHub-hosted malware calculates Cobalt Strike payload from Imgur pic
2020-12-28 06:57

A new strain of malware uses Word files with macros to download a PowerShell script from GitHub. This PowerShell script then downloads a legitimate-looking image file from the image hosting service Imgur and decodes a Cobalt Strike script from it on Windows systems.

Passwords begone: GitHub will ban them next year for authenticating Git operations
2020-12-17 08:29

Microsoft's GitHub plans to stop accepting account passwords as a way to authenticate Git operations, starting August 13, 2021, following a test period without passwords two weeks earlier. As of next August, the password ban will apply to all Git-related command line interactions, desktop apps that use Git, and software or services that access Git repos on GitHub via password.

We're not saying this is how SolarWinds was backdoored, but its FTP password 'leaked on GitHub in plaintext'
2020-12-16 00:00

In a message to The Register, Kumar said that on November 19, 2019, he told SolarWinds "Their update server was accessible with the password 'solarwinds123' which is leaking in the public Github repo. They fixed the issue and replied to me on." Using the exposed account name and password, he was able to upload a file to prove the system was insecure, he said he wrote in his report to SolarWinds, adding that a hacker could use the credentials to upload a malicious executable and add it to a SolarWinds update.
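The Git password ban above and the SolarWinds FTP credential leak come down to the same practitioner check: find plaintext credentials (in source, config files, and the repository's own remote URLs) before they reach a public repo. The Python below is an added example and is not code from GitHub, SolarWinds, The Register or the researcher; the file contents, hostnames and passwords are constructed, and the two regexes are an illustrative subset of what a real secret scanner would carry.

```python
import re
from typing import Dict, List, Tuple

# Illustrative (assumed) patterns for credentials that commonly get committed:
#   1. userinfo embedded in a URL, e.g. ftp://user:pass@host or an https git remote
#   2. a password assignment in config/source, e.g. password = hunter2
# The LAST capture group of each pattern is the secret itself.
PATTERNS = [
    ("url_userinfo",
     re.compile(r"\b(?:https?|ftp)://([^\s/:@]+):([^\s/@]+)@[^\s/]+", re.I)),
    ("password_assignment",
     re.compile(r"""(?:password|passwd|pwd)\s*[:=]\s*['"]?([^'"\s]{4,})""", re.I)),
]

# Values that are references to a secret rather than the secret itself
# (env lookups, template variables, documentation placeholders).
PLACEHOLDER = re.compile(r"^(\$|\{|<|%|os\.environ|process\.env|env\.)")


def is_placeholder(value: str) -> bool:
    """True if the matched value is a variable reference, not a literal secret."""
    return bool(PLACEHOLDER.match(value))


def redact(secret: str) -> str:
    """Keep two chars at each end so a finding is recognisable without re-leaking it."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]


def scan_text(path: str, text: str) -> List[Tuple[str, int, str, str]]:
    """Return (path, line_no, rule, redacted_secret) for each literal credential found."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), 1):
        for rule, pattern in PATTERNS:
            for m in pattern.finditer(line):
                secret = m.group(m.lastindex)
                if is_placeholder(secret):
                    continue
                findings.append((path, line_no, rule, redact(secret)))
    return findings


def scan_files(files: Dict[str, str]) -> List[Tuple[str, int, str, str]]:
    """Scan a mapping of path -> contents (e.g. the staged files of a commit)."""
    findings = []
    for path, text in files.items():
        findings.extend(scan_text(path, text))
    return findings


# Constructed sample "repository" for the demo; nothing here is a real host or secret.
SAMPLE_FILES = {
    "deploy/config.ini": "[ftp]\nhost = ftp.example.invalid\nuser = updater\npassword = Hunter2Upd8\n",
    "deploy/push.sh": "curl -T build.exe ftp://updater:Hunter2Upd8@ftp.example.invalid/updates/\n",
    # An https remote with a password or token in the URL: exactly the kind of
    # Git authentication that stops working once passwords are refused.
    ".git/config": (
        '[remote "origin"]\n\turl = https://svc:tok3nAbc@github.com/example/repo.git\n'
        '[remote "mirror"]\n\turl = git@github.com:example/repo.git\n'
    ),
    # Not findings: an environment lookup and a documentation placeholder.
    "app/settings.py": "DB_PASSWORD = os.environ['DB_PASSWORD']\n",
    "README.md": "Set password = <your password> before running.\n",
}

if __name__ == "__main__":
    for path, line_no, rule, shown in scan_files(SAMPLE_FILES):
        print(f"{path}:{line_no}: {rule}: {shown}")
```

Wired into a pre-commit or pre-receive hook over the staged files, `scan_files` blocks the two cases the news items describe: a plaintext update-server password sitting in a config file, and an https remote that carries a credential in its URL. The placeholder filter matters in practice; without it, every `os.environ["..."]` and `${VAR}` reference becomes a false positive and the hook gets disabled.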