GitHub
NSA Releases EliteWolf GitHub Repository for Securing OT Environments
The National Security Agency released a code repository in GitHub to make it easier for critical infrastructure organizations and similar entities to better identify and detect potentially malicious activities in their operational ...
Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security
GitHub is the Megladon of source code hosts, and as such, it sports a gargantuan bulls-eye that flashes neon to hackers looking to poison the software supply chain. ...
Cybersecurity Insights with Contrast CISO David Lindner | 9/29
Insight #1 For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing ...
GitHub Vulnerability Put Code Packages at Risk of Repojacking
A new vulnerability found in GitHub’s operations could have given bad actors another way of getting around the code hosting platform’s security protections and exposing thousands of code packages to being hijacked ...
GitHub Developers Targeted by North Korea’s Lazarus Group
The Lazarus Group is behind a social engineering campaign that uses repository invitations and malicious npm packages to target developers on GitHub ...
After Brief Exposure in Public Repo, GitHub Rotated Private SSH Key
In an attempt to get ahead of fallout from the exposure of its private SSH key in a public repository, the software development platform GitHub proactively rotated its host key last week ...
Twitter Presses GitHub to Turn Over User Who Leaked Source Code
When Twitter joined the ranks of tech companies whose source code leaked online, it was met with little surprise and a whole lot of unease over what the leak might mean for ...
Supply Chain Dependency: What Your GitHub Connections May Trigger
The writing is on the walls, and it’s hard to avoid after the significant spike in attacks against GitHub repositories. The recent CircleCI breach, in which customers’ secrets and encryption keys were ...
Legitify adds support for GitLab and GitHub Enterprise Server
We encounter security incidents on a weekly basis with prospective customers that involve pipeline manipulation, code theft, and sensitive data exposure - many of which result from bad source code management (SCM) ...
LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft
Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of ...