Tagged: Github

gitgub campaign

Gitgub Campaign: Info Stealer Targets GitHub Users

Security researchers have uncovered multiple repositories on GitHub distributing malicious software under the guise of cracked versions of popular software. In a malicious operation dubbed “gitgub,” specialists from the German company G DATA identified...

Github Credentials Leaked

Exposed: 12.8 Million Credentials Leaked on GitHub

In 2023, GitHub users inadvertently disclosed approximately 12.8 million credentials and other confidential secrets across more than 3 million public repositories. Cybersecurity experts at GitGuardian, upon investigating this issue, dispatched 1.8 million cautionary emails...

Snake Python infostealer

Beware! Snake Infostealer Targets Facebook Users

Cybereason has identified a new malware variant named Snake, which proliferates through Facebook messages. This Python-written infostealer is designed to pilfer confidential user data. The stolen data are transmitted across various platforms, including Discord,...

GitHub malicious campaign

GitHub Under Attack: 100,000+ Fake Repositories Spreading Malware

Researchers at Apiiro investigated a widespread campaign of attacks on the GitHub platform using malicious repositories. The experts identified over 100,000 counterfeit repositories, mimicking popular open-source projects to disseminate malware. The number of such...

CVE-2024-0200

GitHub Fixed Critical CVE-2024-0200 Flaw in Enterprise Server

Recently, GitHub rectified a vulnerability, CVE-2024-0200, in its Enterprise Server. This flaw, associated with Unsafe Reflection, permitted malefactors to execute remote code on unprotected servers. It granted access to the environment variables of production...

GitHub secret scanning PyPI

GitHub secret scanning now supports PyPI and RubyGems

GitHub recently extended its secret scanning feature to repositories containing PyPI and RubyGems registry secrets to prevent Ruby and Python developers from inadvertently submitting secrets and credentials to their GitHub repositories. A secret, also...

GitHub launches a new policy about hosting malware source code

GitHub recently released its updated community guidelines, explaining how the company will deal with vulnerabilities and malware samples hosted on its services. Security researcher Nguyen Jang uploaded a proof-of-concept (PoC) to GitHub in March,...

Github FIDO2

GitHub now supports FIDO2 security keys

GitHub now supports FIDO2 security keys for SSH Git operations to increase account protection. Two years ago, researchers at North Carolina State University (NCSU) found that after scanning about 13%...

GitHub Microsoft

GitHub was reopened to Iranian developers

The US government announced two years ago that it would impose trade sanctions on Iran, Crimea, and Syria. This prevented US companies from providing services to users in these regions. At that time, Microsoft’s...

Google announced an unfixed vulnerability in GitHub

Recently, Google’s Project Zero announced Windows 10 zero-day security vulnerabilities. Although Microsoft has not yet repaired the flaw, the relevant details have been disclosed. Once again, Google is now revealing new vulnerabilities....