Tag: github

EleKtra-Leak Cryptojacking Attacks Exploit AWS IAM Credentials Exposed on GitHub
News


A new ongoing campaign known as EleKtra-Leak targets exposed Amazon Web Services (AWS) identity and access management (IAM) credentials in public GitHub repositories to facilitate cryptojacking. Researchers William Gamazo and Nathaniel Quist of Palo Alto Networks Unit 42 said in a technical report shared with The Hacker News that "as a result of this, the threat actor associated with the campaign was able to create multiple AWS Elastic Compute (EC2) instances that they used for wide-ranging and long-lasting cryptojacking operations." Operating since December 2020 at the latest, the operation's goal is to mine Monero from up to 474 distinct Amazon EC2 instances between ...
Malicious Actors Exploit GitHub to Distribute Fake Exploits
News


A number of fraudulent GitHub repositories have been identified that pose as real security research projects. According to a new advisory released today by VulnCheck researcher Jacob Baines, the repositories claim to contain exploits for well-known products including Chrome, Exchange, and Discord. "VulnCheck discovered a fraudulent GitHub repository that claimed to be a Signal 0-day in early May. When the team informed GitHub about the repository, it was promptly deleted ...
Twitter source code leaked via GitHub
News


According to a DMCA takedown notice, a portion of the source code for the social media website Twitter was exposed via the source code repository GitHub. According to the DMCA filing, the stolen information contained "proprietary source code for Twitter's platform and internal tools." The code was deleted after the DMCA request. A person going by the screen name "FreeSpeechEnthusiast" leaked the source code. Although it is unknown how long the source code was accessible, the account has been in use at least since January 2023 ...
GitHub Updates Security Protocol For Operations Over SSH
News


After learning that its RSA SSH host key was briefly exposed in a public repository, the repository hosting provider GitHub announced it is replacing the key with a new one as a precaution. In a post earlier today, GitHub stated, "We quickly took action to control the exposure and started investigating to identify the core cause and consequences." The key replacement is now complete, and users will notice the change over the following 30 minutes. The company stated that the change was made in order to safeguard customers' Git operations over SSH, especially from potential threat actors seeking to pose as GitHub ...
GitHub releases blueprint for budding open source program offices
News


GitHub has made available internal instructions and tools for setting up an open-source program office (OSPO). Aimed at companies creating their first OSPO, the new GitHub-OSPO repository on GitHub (where else?) contains everything from regulations governing contributor license agreements (CLA) to instructions on archiving repositories. Helping small-scale open-source projects develop into something more significant and organized is essentially what it's all about ...
GitHub Confirms Signing Certificates Stolen in Cyber Attack Revokes Them
Resources, Risk, Security


GitHub acknowledged on Monday that during a cyberattack in December 2022, threat actors stole three digital certificates used for its Desktop and Atom applications. The company also stated in a blog post that, after investigating the incident, it concluded there was no risk to the GitHub.com services and no illegal alterations to the projects. The statement by Alexis Wales, GitHub's vice president of security operations, states that "a set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected, and we have no indication of nefarious use." "We will invalidate the exposed certificates used by the GitHub Desktop and Atom applications as a precautionary step ...
GitHub Adds Features to Automate Vulnerability Code Scanning
Events, Resources, Risk, Security


Hosting service GitHub has added a new feature to automatically set up code scanning on repositories. The feature, known as "default setup," makes it simple to begin code scanning on repositories using Python, JavaScript, and Ruby. The company stated in a blog post on Monday that "you can now enable code scanning in just a few clicks and without utilizing a .yaml file, enabling open source developers and companies speed code scanning setup so they can secure more of their software." The new feature is already available in the 'Code security and analysis' section under the 'Security' header in the 'Settings' tab of repositories. According to GitHub product marketer Walker Chabbott ...
Hackers Breach Okta’s GitHub Repositories, Steal Source Code
Business, Risk, Security


The identity and access management service provider Okta said on Wednesday that several of its source code repositories had been improperly accessed earlier this month. According to the firm, "There is no impact to any clients, including any HIPAA, FedRAMP, or DoD customers." Customers are not required to take any action. According to the security incident notification, which was initially reported by Bleeping Computer, unknown threat actors gained access to the code repositories for the Okta Workforce Identity Cloud (WIC), which are hosted on GitHub. The source code was subsequently copied by abusing the access ...