GitHub
Contrast Security expands its GitHub coverage with new SCA GitHub Action
There are more than 73 million developers currently utilizing GitHub, and rightfully so, since GitHub has become a necessary part of any software business in need of a web presence. And while ...
LEAKED: Intel’s BIOS Source Code — All 6GB of It
Richi Jennings | Alder Lake, BIOS, Boot Guard, GitHub, Insyde, Intel, Key Manifest, LC Future Center, Lenovo, private keys, RISC V is the open source future—not Intel, SB Blogwatch, tpm, UEFI
Source code for the Intel Alder Lake processor UEFI BIOS has gone walkies. 4chan is said to be involved ...
Security Boulevard
GitHub Zero-Day: From 35K Repos Compromised to False Alarm
At 6:14 a.m. GMT on August 3, 2022, a Twitter thread from Stephen Lacy threw the security Twitter-sphere into a frenzy. An alleged zero-day (or zero-day-like) vulnerability that exposed over 35,000 repositories was announced; ...
Security Boulevard
CodeSec by Contrast Security – Evaluator Guide
CodeSec by Contrast brings enterprise-level security right to your development workflow for free. Make code and serverless security simple and efficient with quick scan times, market-leading accuracy, actionable results and seamless integration ...
GitHub 2FA Push is Positive, But There’s More to Be Done
Teri Robinson | 2fa, code repository, GitHub, Multifactor Authentication, Secrets Management, software supply chain security
All developers contributing code on GitHub will be required to enable at least one form of two-factor authentication (2FA) by the end of next year, with the site well into its efforts ...
Security Boulevard
Fighting Fake EDRs With ‘Credit Ratings’ for Police
BrianKrebs | A Little Sunshine, Apple, ATT, Coinbase, Discord, emergency data request, FBI, GitHub, google, Kodex, linkedin, Matt Donahue, Meta, Microsoft, Snapchat, T-Mobile, The Coming Storm, TikTok, Twilio, Twitter, verizon, Web Fraud 2.0
When KrebsOnSecurity last month explored how cybercriminals were using hacked email accounts at police departments worldwide to obtain warrantless Emergency Data Requests (EDRs) from social media and technology providers, many security experts ...
This Week in Malware—Malicious ‘Distutil’ and Spring4Shell active exploitation
This week in malware we have a lot to go over. A mysterious 'Distutil' Python library found on the PyPI repository, active Spring4Shell exploitation by threat actors deploying crypto-miners, ProxyShell exploits targeting ...
Fixing a vulnerability? Make sure your GitHub isn’t showing too much
Obfuscated secrets and a $326M crypto hack: are your GitHub commits revealing too much? When committing software projects to GitHub, it remains crucial to ensure that secrets like your private tokens, API ...
Pro-Ukraine ‘Protestware’ Pushes Antiwar Ads, Geo-Targeted Malware
BrianKrebs | alex holden, GitHub, Hold Security, protestware, Russia's War on Ukraine, The Coming Storm
Researchers are tracking a number of open-source "protestware" projects on GitHub that have recently altered their code to display "Stand with Ukraine" messages for users, or basic facts about the carnage in ...
UPDATED: Cybereason Log4Shell Vaccine Offers Permanent Mitigation Option for Log4j Vulnerabilities (CVE-2021-44228 and CVE-2021-45046)
Yonatan Striem-Amit | Apache Log4j Vulnerability, Apache Servers, CVE-2021-44228, Cybereason Defense Platform, enterprise security, Exploits, GitHub, Log4Shell, Logout4Shell Vaccine, mitigation, Network Security, patch management, patching, rce, remediation, Remote Code Execution, Vulnerabilities, vulnerability, zero-day
UPDATE 12/17/21: The Logout4Shell Vaccine has been updated to add a persistent option in addition to the existing one, which reverted upon server restart. The previous version of the Vaccine used the ...