GitHub
GitHub Developers Targeted by North Korea’s Lazarus Group
The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub ...
Security Boulevard
After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week ...
Twitter Presses GitHub to Turn Over User Who Leaked Source Code
When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for ...
Supply Chain Dependency: What Your GitHub Connections May Trigger
Alon Jackson | API Keys, CircleCI breach, connections, GitHub, GitHub repositories, supply chain attack
The writing is on the walls, and it’s hard to avoid after the significant spike in attacks against GitHub repositories. The recent CircleCI breach, in which customers’ secrets and encryption keys were ...
Legitify adds support for GitLab and GitHub Enterprise Server
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) ...
LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft
Tom Eston | business email compromise, Cyber Security, Cybersecurity, Data breach, Data Privacy, Digital Privacy, Episodes, GitHub, Information Security, Infosec, lastpass, Okta, Password, Password Vault, passwords, Pig Butchering Scams, Podcast, Podcasts, Privacy, romance scams, security, Source Code, technology, Weekly Edition
Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of ...
Tips & Best Practices for Configuring Squid with NTLM Authentication
Carter Williamson | Application Security, GitHub, ldap, LDAP Authentication, NTLM Authentication, proxy, squid, Squid AD Authentication, Squid Proxy
If you’ve ever worked in environments requiring a proxy, reverse proxy, or caching system, you’ve likely heard of Squid proxy. Squid is one of the leading open-source proxy tools with an extensive ...
GitHub Secret Scanning is now Free (as in Beer)
Richi Jennings | Do you think they call this service their "Secret Scanta"?, GitHub, Microsoft, SB Blogwatch, secret key, secret keys, secret management, Secrets, Secrets detection, Secrets Management, secrets scanning, SecretScanner
Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem ...
GitHub Flaw Underscores Risks of Open Source, RepoJacking
A GitHub vulnerability was recently discovered that lets attackers seize control of a GitHub repository and infect all the applications and code that depend on it with malicious code. This vulnerability is ...
Detect vulnerable libraries within GitHub environments for free with CodeSec | Contrast Security
Combine the power of GitHub Actions for automated Continuous Integration/Continuous Deployment (CI/CD) pipelines with Contrast Security’s powerful free developer tool, CodeSec, to identify vulnerable dependencies in your Java, .NET, NodeJS, Ruby, Python, ...