Security News

Datadog and Snyk unveil GitHub integration to automate software development workflow
2020-12-14 00:45

Datadog announced the Datadog Vulnerability Analysis GitHub Action, Datadog's first action listed on the GitHub Marketplace. GitHub Actions provide powerful, flexible CI/CD with the ability to automate any software development workflow.

GitHub Says Vulnerabilities in Some Ecosystems Take Years to Fix
2020-12-03 18:47

Developers often need years to address some of the vulnerabilities introduced in their software, a new GitHub report reveals. The report, which is based on the analysis of more than 45,000 active repositories, shows that it typically takes 7 years to address vulnerabilities in Ruby, while those in npm are usually patched in five years.

GitHub reinstates YouTube-dl, promises to overhaul DMCA reviews
2020-11-16 11:53

Today, GitHub shared more info regarding why YouTube-dl was kicked off the platform and about why GitHub handled this situation the way it did. "Our actions were driven by processes required to comply with laws like the DMCA that put platforms like GitHub and developers in a difficult spot," GitHub's Director of Platform Policy Abby Vollmer said.

Reverse shell botnet Gitpaste-12 spreads via GitHub and Pastebin
2020-11-06 04:22

A newly discovered worm and botnet named Gitpaste-12 lives on GitHub and also uses Pastebin to host malicious code. The advanced malware comes equipped with reverse shell and crypto-mining capabilities and exploits over 12 known vulnerabilities, hence the moniker.

No, GitHub's source code wasn't hacked and posted on GitHub, says GitHub CEO
2020-11-05 07:57

GitHub's CEO has denied that the site's source code was posted to GitHub. News of the supposed leak and posting came from a site called Resynth that linked to a Wayback Machine snapshot of a GitHub repo that purported to be the work of GitHub CEO Nat Friedman and was labelled "This is GitHub.com and GitHub Enterprise."

Google Discloses Details of GitHub Actions Vulnerability
2020-11-05 04:40

Details on a vulnerability impacting GitHub Actions were made public this week by Google, following a 104-day disclosure deadline. The bug was identified by security researcher Felix Wilhelm of Google Project Zero, who reported it to GitHub on July 21.

GitHub breaks site layout after forgetting to renew certificate
2020-11-02 16:31

This morning, GitHub's pristine layout vanished from its repository pages, in what looks like a failure on the company's part to renew an SSL certificate. The expired certificate prevented numerous resources like images, JavaScript, and CSS stylesheets from correctly loading on GitHub.

GitHub threatens to ban users who bypass YouTube-dl takedown
2020-11-02 11:27

GitHub has issued a warning that accounts could be banned if they continue to upload content that was removed due to DMCA takedown notices. On October 23rd, 2020, GitHub removed the source code repositories for the popular video download tool called YouTube-dl after the Recording Industry Association of America, Inc. filed a DMCA infringement notice.

Angry YouTube-dl users flood GitHub with new repos after takedown
2020-10-26 19:21

Users of the extremely popular YouTube-dl YouTube media downloader have flooded GitHub with new repositories containing the tool's source code after GitHub took down the project's repositories on Friday. On October 23, 2020, GitHub took down YouTube-dl's repositories due to a DMCA infringement notice filed by the Recording Industry Association of America, an organization that represents the recording industry in the U.S. Before being removed, YouTube-dl's repo was in the top 40 most starred GitHub repositories with more than 72,000 stars, between Node.js and Kubernetes.

YouTube-dl removed from GitHub after RIAA DMCA notice
2020-10-23 18:35

The Recording Industry Association of America, Inc. has taken down YouTube-dl's GitHub repositories using a DMCA takedown notice. Today, the RIAA took down the YouTube-dl GitHub repositories by filing a DMCA infringement notice with GitHub.