GitHub - Tagged - Security Boulevard
The Home of the Security Bloggers Network
Fri, 21 Jul 2023 19:51:33 +0000

GitHub Developers Targeted by North Korea’s Lazarus Group
https://securityboulevard.com/2023/07/github-developers-targeted-by-north-koreas-lazarus-group/
Fri, 21 Jul 2023 19:51:33 +0000

The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub.

The post GitHub Developers Targeted by North Korea’s Lazarus Group appeared first on Security Boulevard.

After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key
https://securityboulevard.com/2023/04/after-brief-exposure-in-public-repo-github-rotated-private-ssh-key/
Mon, 03 Apr 2023 11:26:56 +0000

In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week. “Out of an abundance of caution, we replaced our RSA SSH host key used to secure Git operations for GitHub.com,” GitHub CSO and SVP..

The post After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key appeared first on Security Boulevard.

Twitter Presses GitHub to Turn Over User Who Leaked Source Code
https://securityboulevard.com/2023/03/twitter-presses-github-to-turn-over-user-who-leaked-source-code/
Fri, 31 Mar 2023 12:38:07 +0000

When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for the platform’s security. “Unlike other recent source code leaks, it is concerning that Twitter has not released a statement to reiterate that it..

The post Twitter Presses GitHub to Turn Over User Who Leaked Source Code appeared first on Security Boulevard.

Supply Chain Dependency: What Your GitHub Connections May Trigger
https://securityboulevard.com/2023/02/supply-chain-dependency-what-your-github-connections-may-trigger/
Mon, 27 Feb 2023 14:00:20 +0000

The writing is on the walls, and it’s hard to avoid after the significant spike in attacks against GitHub repositories. The recent CircleCI breach, in which customers’ secrets and encryption keys were stolen, makes it very clear that attackers already understand and leverage this vector. Now more than ever, is the time for companies to..

The post Supply Chain Dependency: What Your GitHub Connections May Trigger appeared first on Security Boulevard.

Legitify adds support for GitLab and GitHub Enterprise Server
https://securityboulevard.com/2023/01/legitify-adds-support-for-gitlab-and-github-enterprise-server/
Wed, 25 Jan 2023 20:09:07 +0000
https://www.legitsecurity.com/blog/legitify-adds-support-for-gitlab-and-github-enterprise-server

We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) system configurations. Legitify, the open-source security tool we recently announced, is rapidly gaining popularity because it helps users analyze and remediate the security configuration of their SCM resources. 

The post Legitify adds support for GitLab and GitHub Enterprise Server appeared first on Security Boulevard.

LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft
https://securityboulevard.com/2023/01/lastpass-password-vaults-stolen-pig-butchering-scams-okta-source-code-theft/
Mon, 09 Jan 2023 05:00:41 +0000

Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of business email compromise and romance scams, are on the rise. How do they work and what do you need to know to protect […]

The post LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft appeared first on The Shared Security Show.

The post LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft appeared first on Security Boulevard.

Tips & Best Practices for Configuring Squid with NTLM Authentication
https://securityboulevard.com/2022/12/tips-best-practices-for-configuring-squid-with-ntlm-authentication/
Tue, 20 Dec 2022 14:00:02 +0000

If you’ve ever worked in environments requiring a proxy, reverse proxy, or caching system, you’ve likely heard of Squid proxy. Squid is one of the leading open-source proxy tools with an extensive community and available plugin library. As is the case with many large, open source projects, there are many different ways to accomplish a […]

The post Tips & Best Practices for Configuring Squid with NTLM Authentication appeared first on Anitian.

The post Tips & Best Practices for Configuring Squid with NTLM Authentication appeared first on Security Boulevard.

GitHub Secret Scanning is now Free (as in Beer)
https://securityboulevard.com/2022/12/github-secret-scanning-free-richixbw/
Mon, 19 Dec 2022 17:24:31 +0000

Microsoft’s GitHub source control service will help stop devs accidentally embedding secrets in public code repositories. It’s a big problem.

The post GitHub Secret Scanning is now Free (as in Beer) appeared first on Security Boulevard.

GitHub Flaw Underscores Risks of Open Source, RepoJacking
https://securityboulevard.com/2022/11/github-flaw-underscores-risks-of-open-source-repojacking/
Wed, 02 Nov 2022 12:00:43 +0000

A GitHub vulnerability was recently discovered that lets attackers seize control of a GitHub repository and infect all the applications and code that depend on it with malicious code. This vulnerability is a wake-up call for those who rely on open source packages, which are now at risk. “This is not much different than the..

The post GitHub Flaw Underscores Risks of Open Source, RepoJacking appeared first on Security Boulevard.

Detect vulnerable libraries within GitHub environments for free with CodeSec | Contrast Security
https://securityboulevard.com/2022/10/detect-vulnerable-libraries-within-github-environments-for-free-with-codesec-contrast-security/
Mon, 17 Oct 2022 15:49:03 +0000
https://www.contrastsecurity.com/security-influencers/detect-vulnerable-libraries-within-your-github-environments-for-free

Combine the power of GitHub Actions for automated Continuous Integration/Continuous Deployment (CI/CD) pipelines with Contrast Security’s powerful free developer tool, CodeSec, to identify vulnerable dependencies in your Java, .NET, NodeJS, Ruby, Python, Go or PHP projects.

The post Detect vulnerable libraries within GitHub environments for free with CodeSec | Contrast Security appeared first on Security Boulevard.
