GitHub
GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services
Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world's largest domain name registrar, ...
Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers
Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in ...
Community detection: CVE-2020-16898
By Ben Reardon, Corelight Security Researcher. This month’s Microsoft Patch Tuesday included a severe Remote Code Execution vulnerability in the way that Windows TCP/IP handles IPv6 “Router Advertisement” ICMP messages. Due to ...
Fake npm Packages Found in GitHub Repository
Security researchers discovered four vulnerable npm packages uploaded to GitHub that were capable of collecting the user’s IP address, geolocation and device hardware data. Not all attacks have a high-visibility profile. Some ...
Expert Q&A on Securing Code in GitHub with Checkmarx
Today, Checkmarx announced a new GitHub Action to bring seamless and automated security scans within GitHub repositories. Our new Action for GitHub integrates Checkmarx SAST (CxSAST) and Checkmarx SCA (CxSCA) directly into the GitHub platform, providing our comprehensive static and open source security testing ...
Top Five Most Infamous DDoS Attacks
Guest article by Adrian Taylor, Regional VP of Sales for A10 Networks. Distributed Denial of Service (DDoS) attacks are now everyday occurrences. Whether you’re a small non-profit or a huge multinational conglomerate, your ...
Together is faster: Zeek for vulnerabilities
“There is an open approach that is currently rippling across the infosec industry that could give defenders the acceleration they need.” – John Lambert (Distinguished Engineer, Microsoft) By Greg Bell, CEO of ...
Researcher Discloses 9 Leaky GitHub Repos Affecting 200K U.S. Residents – ‘And Possibly Many More’
A Dutch security researcher has stumbled across nine data leak incidents involving medical records belonging to circa 200,000 patients, and possibly many more – all due to developer blunders on GitHub repositories ...
Zeek in it’s sweet spot: Detecting F5’s Big-IP CVE10 (CVE-2020-5902)
By Ben Reardon, Corelight Security Researcher. Having a CVE 10 unauthenticated Remote Code Execution vulnerability on a central load balancing device? That’s bad… Not being able to detect when a threat actor ...
Find and Fix Vulnerabilities in Seconds using GitHub PR Reviews with Line Comments
Pull request line comments highlight the exact line(s) of code that introduced a policy violation, giving developers all the information they need to remediate open source risks and innovate securely without sacrificing ...

