Beware: GitHub’s Fake Popularity Scam Tricking Developers into Downloading Malware

April 10, 2024 at 09:15AM Threat actors are leveraging GitHub’s search feature to dupe users into downloading malicious code by creating fake repositories with popular names. The attackers manipulate search rankings and use fake stars to deceive users. Researchers warn of the ongoing threat to the open-source ecosystem and emphasize the need for caution when …

Over 170K users hit by poisoned Python package ruse

March 25, 2024 at 02:06PM Over 170,000 users were impacted by a complex attack employing fake Python infrastructure. The attack targeted the Top.gg GitHub organization and other developers, distributing malware-infected Python PyPI packages. This led to data theft from browsers, Discord, and crypto wallets. The attack involved various tactics, including creating clones of popular Python …

Top Python Developers Hacked in Sophisticated Supply Chain Attack

March 25, 2024 at 08:00AM Python developers, including a maintainer of Top.gg, were targeted by information-stealing malware. Attackers cloned and inserted malicious code into Colorama, a widely-used tool, and spread it through fake mirror domains and compromised repositories. The malware invaded systems, stealing data and executing additional harmful actions, impacting multiple browsers and platforms. Key …

Over 12 million auth secrets and keys leaked on GitHub in 2023

March 12, 2024 at 11:25AM GitGuardian reported that during 2023, 12.8 million sensitive secrets were accidentally exposed in over 3 million public repositories on GitHub, with the majority remaining valid after five days. The exposed secrets included account passwords, API keys, and certificates, posing significant security risks. The leakiest countries included India, the United States, …

Millions of Malicious Repositories Flood GitHub

March 4, 2024 at 08:31AM Cyberattackers have created over 100,000 malicious repositories on GitHub, with some estimates reaching over a million. They use automation to copy, infect, and re-upload existing repositories, tricking developers into downloading malware. GitHub’s security mechanisms remove most fakes, but some still slip through. Organizations need policies to protect against these attacks. …

A mishandled GitHub token exposed Mercedes-Benz source code

January 30, 2024 at 01:46PM A mishandled GitHub token granted unrestricted access to Mercedes-Benz’s internal GitHub Enterprise Service, exposing sensitive source code. RedHunt Labs discovered and reported the security breach, prompting Mercedes-Benz to revoke the token and remove the public repository. The leak could have severe consequences, including reverse-engineering proprietary technology, potential GDPR infringement, and …

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

January 18, 2024 at 08:03AM Misconfigurations in TensorFlow’s CI/CD system enabled potential supply chain attacks. GitHub-hosted runners are not vulnerable, but self-hosted runners executed without approval, permitting unauthorized code execution. Ephemeral runner security measures were bypassed, allowing for breaches of GitHub repository and PyPI registry integrity. Project maintainers addressed the issues post-disclosure, mitigating the risks. …

So, are we going to talk about how GitHub is an absolute boon for malware, or nah?

January 12, 2024 at 08:22AM GitHub’s popularity presents challenges and opportunities. Its appeal to developers worldwide makes it difficult to block, benefitting dissidents but posing security risks. Despite being relatively immune to Chinese censorship, it is abused for malware distribution. GitHub’s advantages and disadvantages make it a complex platform for both legitimate and malicious activities. …

GitHub warns users to enable 2FA before upcoming deadline

December 26, 2023 at 04:09PM GitHub is requiring users to enable two-factor authentication (2FA) by January 19th, 2024, for contributing code on GitHub.com. This measure aims to safeguard accounts and prevent code alteration. Failure to comply will result in limited access to the site. Various 2FA methods are available, and users are encouraged to set …

15,000 Go Module Repositories on GitHub Vulnerable to Repojacking Attack

December 5, 2023 at 05:48AM Over 15,000 Go module repositories on GitHub are susceptible to “repojacking,” with vulnerabilities due to username changes and account deletions. This exploit allows attackers to hijack supply chains by duplicating and publishing malicious modules. GitHub’s countermeasure is ineffective for Go modules, with a call for action from Go or …