GitHub Developers Targeted by North Korea’s Lazarus Group

The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub ...
Security Boulevard

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week ...
Security Boulevard

Twitter Presses GitHub to Turn Over User Who Leaked Source Code

When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for ...
Security Boulevard

Supply Chain Dependency: What Your GitHub Connections May Trigger

The writing is on the walls, and it’s hard to avoid after the significant spike in attacks against GitHub repositories. The recent CircleCI breach, in which customers’ secrets and encryption keys were ...
Security Boulevard

Legitify adds support for GitLab and GitHub Enterprise Server

We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) ...

LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft

Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of ...

Tips & Best Practices for Configuring Squid with NTLM Authentication

If you’ve ever worked in environments requiring a proxy, reverse proxy, or caching system, you’ve likely heard of Squid proxy. Squid is one of the leading open-source proxy tools with an extensive ...

GitHub Secret Scanning is now Free (as in Beer)

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem ...
Security Boulevard

GitHub Flaw Underscores Risks of Open Source, RepoJacking

A GitHub vulnerability was recently discovered that lets attackers seize control of a GitHub repository and infect all the applications and code that depend on it with malicious code. This vulnerability is ...
Security Boulevard

Detect vulnerable libraries within GitHub environments for free with CodeSec | Contrast Security

Combine the power of GitHub Actions for automated Continuous Integration/Continuous Deployment (CI/CD) pipelines with Contrast Security’s powerful free developer tool, CodeSec, to identify vulnerable dependencies in your Java, .NET, NodeJS, Ruby, Python, ...