supply-chain attackAttack on DevOps: secrets leaked via malicious GitHub Action
How to respond to a compromised GitHub changed-files Action incident.
github
9 articles
githubMalicious code on GitHub: How hackers target programmers
We discovered over 200 repositories with fake projects on GitHub. Using them, attackers distribute stealers, clippers, and backdoors.
Banshee: A stealer targeting macOS users
Banshee stealer, a macOS stealer that emerged last year, is now roaming free on the Web, infecting Mac users and gaining new capabilities. How to protect yourself?
phishingPhishing on GitHub through job offers to… developers
Developers’ accounts are being hijacked using fake job offers sent from a legitimate GitHub address.
Malware lurking in “official” GitHub and GitLab links
Can you catch malware by downloading files from Microsoft’s repositories on GitHub? Turns out, you can. Stay alert!
GitHub key leaks and how to prevent them
Hundreds of thousands of tokens and cryptographic keys have been discovered on GitHub. We explain why this is bad and how to avoid a leak.
podcastTransatlantic Cable podcast, episode 23
In this week’s edition of Kaspersky Lab’s podcast, Jeff and Dave discuss a Ethereum scam in Twitter, China’s surveillance glasses, and iPhone source code on GitHub.
breachSecurity Week 35: Nothing personal, just business
Infosec digest: exploit kit Neutrino in Wordpress, yet another GitHub DDoS, Wyndham responsible for breach, while Target is not.
Talk Security: Million Dollar Malware, Github DDoS
Threatpost security reporters Chris Brook and Brian Donohue discuss the Github DDoS, Dyre banking malware, privacy threats, hacking and more