Tag: github

GitHub Confirms Signing Certificates Stolen in Cyber Attack, Revokes Them
Resources, Risk, Security

GitHub acknowledged on Monday that during a cyberattack in December 2022, threat actors stole three digital certificates used for its Desktop and Atom applications. The company also stated in a blog post that, after investigating the incident, it concluded there was no risk to the GitHub.com services and no unauthorized alterations to the projects. The statement by Alexis Wales, GitHub's vice president of security operations, states that "a set of encrypted code signing certificates were exfiltrated; however, the certificates were password-protected, and we have no indication of nefarious use." "We will invalidate the exposed certificates used by the GitHub Desktop and Atom applications as a precautionary step ...

GitHub Adds Features to Automate Vulnerability Code Scanning
Events, Resources, Risk, Security

Hosting service GitHub has added a new feature that automatically sets up code scanning on repositories. The feature, known as "default setup," makes it simple to begin code scanning on repositories using Python, JavaScript, and Ruby. The company stated in a blog post on Monday that "you can now enable code scanning in just a few clicks and without utilizing a .yaml file, enabling open source developers and companies to speed code scanning setup so they can secure more of their software." The new feature is already available in the 'Code security and analysis' section under the 'Security' header in the 'Settings' tab of repositories. According to GitHub product marketer Walker Chabbott ...

Hackers Breach Okta’s GitHub Repositories, Steal Source Code
Business, Risk, Security

The identity and access management service provider Okta said on Wednesday that several of its source code repositories had been improperly accessed earlier this month. According to the firm, "There is no impact to any clients, including any HIPAA, FedRAMP, or DoD customers." Customers are not required to take any action. In the security incident, which was initially reported by Bleeping Computer, unknown threat actors gained access to the code repositories for the Okta Workforce Identity Cloud (WIC), which are hosted on GitHub. The source code was subsequently copied by abusing the access ...