Security News

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
2023-10-30 10:56

A new ongoing campaign dubbed EleKtra-Leak has set its eyes on exposed Amazon Web Service (AWS) identity and access management (IAM) credentials within public GitHub repositories to facilitate...

GitHub's Secret Scanning Feature Now Covers AWS, Microsoft, Google, and Slack
2023-10-06 08:53

GitHub has announced an improvement to its secret scanning feature that extends validity checks to popular services such as Amazon Web Services (AWS), Microsoft, Google, and Slack. Validity...

Securing GitHub Actions for a safer DevOps pipeline
2023-10-02 04:30

Misconception #1: GitHub Actions security only means using SCA, SAST tools in CI/CD. When people think about GitHub Actions security, their first thought is about adding security tools, like SCA and SAST tools, in the CI/CD pipeline. GitHub Actions security also extends to securing the CI/CD servers on which GitHub Actions run.

GitHub Repositories Hit by Password-Stealing Commits Disguised as Dependabot Contributions
2023-09-28 17:22

A new malicious campaign has been observed hijacking GitHub accounts and committing malicious code disguised as Dependabot contributions with an aim to steal passwords from developers. "The...

GitHub repos bombarded by info-stealing commits masked as Dependabot
2023-09-27 12:00

Hackers are breaching GitHub accounts and inserting malicious code disguised as Dependabot contributions to steal authentication secrets and passwords from developers. The campaign unfolded in July 2023, when researchers discovered unusual commits on hundreds of public and private repositories forged to appear as Dependabot commits.

GitHub passkeys generally available for passwordless sign-ins
2023-09-21 18:59

GitHub has made passkeys generally available across the platform today to secure accounts against phishing and allow passwordless logins for all users. Passkeys are linked to specific devices, such as computers, tablets, or smartphones, and have a crucial role in reducing the risk of data breaches by providing protection against phishing attacks and blocking unauthorized access attempts.

Beware: Fake Exploit for WinRAR Vulnerability on GitHub Infects Users with Venom RAT
2023-09-21 05:03

A malicious actor released a fake proof-of-concept (PoC) exploit for a recently disclosed WinRAR vulnerability on GitHub with an aim to infect users who downloaded the code with Venom RAT malware....

Microsoft worker accidentally exposes 38TB of sensitive data in GitHub blunder
2023-09-18 18:03

A Microsoft employee accidentally exposed 38 terabytes of private data while publishing a bucket of open-source AI training data on GitHub, according to Wiz security researchers who spotted the leaky account and reported it to the Windows giant.This is despite Wiz claiming the leaky data bucket had private keys, passwords, and over 30,000 internal Microsoft Teams messages, as well as backup data from two employees' workstations.

Critical GitHub Vulnerability Exposes 4,000+ Repositories to Repojacking Attack
2023-09-12 11:32

A new vulnerability disclosed in GitHub could have exposed thousands of repositories at risk of repojacking attacks, new findings show. The flaw "Could allow an attacker to exploit a race condition within GitHub's repository creation and username renaming operations," Checkmarx security researcher Elad Rapoport said in a technical report shared with The Hacker News.

North Korean hackers targeted tech companies through JumpCloud and GitHub
2023-07-21 12:48

North Korean state-sponsored hackers have been linked to two recent cyberattack campaigns: one involving a spear-phishing attack on JumpCloud and the other targeting tech employees on GitHub through a social engineering campaign. "Fewer than 5 JumpCloud customers were impacted and fewer than 10 devices total were impacted, out of more than 200,000 organizations who rely on the JumpCloud platform for a variety of identity, access, security, and management functions,".