Tag: Open Source Hosting
-
Securing millions of developers through 2FA
Though technology has advanced significantly to combat the proliferation of sophisticated security threats, the reality is that preventing …
-
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland… – SWN #380
Robofly, CRUSHFTP, Github, Palo Alto, MITRE, Fancy Bear, Deepfakes, Aaran Leyland, and more, on this Edition of the Security Weekly …
-
RisePro stealer targets Github users in “gitgub” campaign
Github repositories We identified at least 13 such repositories belonging to a RisePro stealer campaign that was named “gitgub” by the …
-
Keeping secrets out of public repositories
Accidental leaks of API keys, tokens, and other secrets risk security breaches, reputation damage, and legal liability at a mind-boggling …
-
How to stay safe from repo-jacking
“Repo-jacking” is a type of supply chain attack that has received attention for its potential impact on open source software. In this …
-
2nd critical GitLab patch of 2024 fixes arbitrary file writing bug
A GitLab vulnerability enabling file writing to arbitrary locations on a server was patched last Thursday, two weeks after the company …
-
Veolia, FeverWarn, SystemK, Fortra, GitLab, Ring, Trickbot, Aaran Leyland, and More – SWN #357
Defeating the MOAB: Fortifying our Passwords against a 26 Billion Record Breach All I can think about is the mother of all bombs, which …
-
GitLab password reset bug leaves more than 5.3K servers up for grabs
Team project management platform Trello was noted by the Have I Been Pwned? breach notification service to have data from more than 15 …
-
Rotating credentials for GitHub.com and new GHES patches
On December 26, 2023, GitHub received a report through our Bug Bounty Program demonstrating a vulnerability which, if exploited, allowed …
-
GitLab warns zero-click vulnerability could lead to account takeovers
GitLab has issued a warning about a critical vulnerability in GitLab Community Edition (CE) and Enterprise Edition (EE). GitLab is an …
-
Patch time: Critical GitLab vulnerability exposes 2FA-less users to account takeovers
GitLab admins should apply the latest batch of security patches pronto given the new critical account-bypass vulnerability just disclosed. …
-
Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days
Here’s an overview of some of last week’s most interesting news, articles, interviews and videos: Social engineer reveals effective …