GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials https://lnkd.in/dmtEatqq #Infosec #Security #Cybersecurity #CeptBiro #GitHub #Vulnerability #Credentials
CeptBiro - Sécurité et Cybersécurité de l'information’s Post
More Relevant Posts
-
I design secure cloud architectures with a defense-in-depth approach to mitigate risk, while teaching people at all levels how to be more secure online and in life.
I found a great explanation of unsafe reflection at https://lnkd.in/gMxWUW7n
🚨 GitHub fixes high-severity bug (CVE-2024-0200) that could've exposed your credentials in production containers. Your keys have been rotated — import new ones for commit signing, Actions, Codespaces, or Dependabot. Details here: https://lnkd.in/dmtEatqq #cybersecurity #tech
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials
thehackernews.com
-
Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling
🔉 Mishandled GitHub token exposes Mercedes-Benz source code 🔉 The mishandling of GitHub tokens has led to the exposure of Mercedes-Benz source code, with researchers at RedHunt Labs discovering "unrestricted" and "unmonitored" access to an internal GitHub Enterprise Server. The token providing this access was exposed via a public GitHub repository. 👉 This exposure provided access to a wealth of information, including intellectual property, access keys, connection strings, SSO passwords, API keys, and other critical internal details. It highlights the need for all organizations to secure their code repos and model this attack vector. #cybersecurity #news #github #mercedes #dataleak
Mercedes-Benz Source Code at Risk: GitHub Token Mishap Sparks Major Security Concerns - RedHunt Labs
http://redhuntlabs.com
-
🔹 Tens of thousands of public GitHub repositories are vulnerable to malicious code injection via self-hosted GitHub Actions runners, which could lead to high-impact supply chain attacks, security researchers warn. 🔹 This new class of CI/CD attacks can be launched if a repository has self-hosted runners attached. These are “build agents hosted by end users running the Actions runner agent on their own infrastructure,” Praetorian security researcher Adnan Khan explains. 🔹 A self-hosted runner attached to a repository can be used by any workflow running in that repository’s context, and this also applies to workflows from fork pull requests, which could run malicious code, thus representing a major security risk. 🔹 “By changing a workflow file within their fork, and then creating a pull request anyone with a GitHub account can run arbitrary code on a self-hosted runner,” Khan notes. #suplychain #supplychainattacks #github #vendor #vendors #vendorriskmanagement #vendorrisk #tprm #cybersecurity #governance #thirdpartyrisk #vrm #openvrm #buckler https://lnkd.in/gGwVgw92
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack
securityweek.com
-
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
thehackernews.com
-
The vulnerability detailed in the article involves a security flaw in GitHub's artifact upload feature, which attackers could exploit to inject malicious files into repositories. This vulnerability, referred to as "ArtiPacked," specifically targets artifact packages that are often used in CI/CD (Continuous Integration/Continuous Deployment) workflows. #cybersecurity #github #artifact #vulnerability
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover
thehackernews.com
-
I help businesses proactively enhance their security posture | Senior Associate, Cyber Security Consultant at KPMG Sweden
So, for anyone out of the loop – GitHub has now implemented push protection as a default feature, which scans code commits for secrets before accepting them. This helps to safeguard against unintentional exposure of private data, such as access tokens and passwords, within public repositories. GitHub boasts its ability to identify over 200 distinct secret patterns and token types. Even after the couple of high-impact breaches due to exposed credentials and secrets that have happened in the last few years, GitHub reported that they detected a staggering number of over 1 million leaked secrets in public repositories in the first 8 weeks of 2024 alone! What additional proactive measures do you think developers and organizations should adopt to prevent secrets from ever being exposed in the first place? Full article: https://lnkd.in/egczUYFX #github #security #devops #cybersecurity
GitHub enables push protection by default to stop secrets leak
bleepingcomputer.com
-
Helping demystify cyber threat intelligence for businesses and individuals | CTI | Threat Hunting | Custom Tooling
📣 GitHub enables the protection of secret leaks by default 📣 GitHub has enabled push protection by default. This feature prevents secrets from leaking when pushing code to public repositories on GitHub. Push protection proactively prevents leaks by scanning for secrets before 'git push' operations are accepted and blocking the commits when a secret is detected. 👉 Making this feature the default will help prevent security breaches, reputation damage, and legal liability caused by accidental leaks of secrets. However, it also requires users to be careful and vigilant when pushing code. #github #secrets #developers #code #cybersecurity
Keeping secrets out of public repositories
https://github.blog
-
Linux bsp (kernel-uboot-secure boot) and middleware developer. Yocto, systemd and Babic's swupdate expert. Amazon Alexa built-in product developer. GitHub Action
Interesting Tips About GitHub Actions and Security Issues by GitGuardian.com GitHub Actions are incredibly useful and powerful when used correctly! Make sure to follow best practices for #Security and apply #MinimumPermissions to keep your workflows safe.
GitHub Actions Security Best Practices [cheat sheet included]
blog.gitguardian.com
-
Ever wondered how a simple mistake could lead to a major security breach? Well, it turns out that accidentally leaking API keys, tokens, and other secrets in public repositories is a more common issue than you might think. In just the first eight weeks of 2024, GitHub detected over 1 million leaked secrets. That's a staggering number, but there's good news on the horizon. GitHub has taken a significant step forward by making secret scanning push protection a default feature for all pushes to public repositories. This move is designed to catch these secrets before they go public, offering an option to remove them or bypass the block if deemed safe. It's a game-changer for developers and organizations alike, aiming to protect reputations, revenues, and legal standings. The rollout of this feature has begun and will be fully implemented in the coming weeks, providing a much-needed layer of security in the open-source community. Moreover, GitHub's secret scanning capabilities are top-notch, guarding against over 200 token types from more than 180 service providers with the industry's highest precision. For those interested in bolstering their code's security and learning more about these features, GitHub encourages engagement within their community forums. It's a fantastic opportunity to share insights and experiences, further strengthening our collective defense against potential leaks. Remember, in the digital age, our vigilance in protecting our secrets is paramount. Let's embrace these tools and practices to safeguard our work and reputation. Happy Friday! #CyberSecurity #GitHub #DevSecOps #OpenSource Casey Jones
Keeping secrets out of public repositories
https://github.blog
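The push-protection mechanism described in this post and in the two posts above it (scan the outgoing changes before a push is accepted, block when a secret is detected, and allow a deliberate bypass for a reviewed false positive) is modelled here as an added Python example. This is not GitHub's code: the regexes are this example's own approximations of published token formats (the `ghp_` GitHub PAT prefix and the `AKIA` AWS access key ID prefix), the `Finding`/`fingerprint`/`allowed_to_push` names are this example's, and the sample diff and token-shaped values are constructed placeholders.

```python
from __future__ import annotations

import hashlib
import re
from dataclasses import dataclass

# Detection patterns. The "ghp_" (GitHub personal access token) and "AKIA"
# (AWS access key ID) prefixes are published token formats; the regexes
# themselves are this example's approximations, not GitHub's own rules.
SECRET_PATTERNS = {
    "github_pat": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "private_key_block": re.compile(r"-----BEGIN (?:RSA |EC |OPENSSH )?PRIVATE KEY-----"),
}


@dataclass(frozen=True)
class Finding:
    kind: str       # which pattern matched
    line_no: int    # 1-based line within the diff text
    match: str      # the matched secret text


def scan_added_lines(diff_text: str) -> list[Finding]:
    """Scan the lines a diff adds ('+' prefix, excluding the '+++' file header).

    Removed lines are skipped on purpose: a secret already in history is a
    rotation problem, and blocking the commit that removes it would be
    counterproductive.
    """
    findings: list[Finding] = []
    for line_no, raw in enumerate(diff_text.splitlines(), start=1):
        if not raw.startswith("+") or raw.startswith("+++"):
            continue
        for kind, pattern in SECRET_PATTERNS.items():
            for m in pattern.finditer(raw):
                findings.append(Finding(kind, line_no, m.group(0)))
    return findings


def fingerprint(finding: Finding) -> str:
    """Stable handle for one finding so a reviewer can approve a specific
    false positive without the secret text itself being stored."""
    return hashlib.sha256(finding.match.encode()).hexdigest()[:16]


def allowed_to_push(
    diff_text: str, approved: frozenset[str] = frozenset()
) -> tuple[bool, list[Finding]]:
    """Return (ok, blocking_findings).

    'approved' models the bypass option: fingerprints a reviewer has marked
    as safe (test fixtures, documented placeholders) do not block the push.
    """
    blocking = [f for f in scan_added_lines(diff_text) if fingerprint(f) not in approved]
    return (len(blocking) == 0, blocking)


# Constructed sample diff; the token-shaped values are placeholders built from
# repeated characters, not real credentials.
FAKE_PAT = "ghp_" + "A" * 36
FAKE_AWS_KEY = "AKIA" + "0" * 16
SAMPLE_DIFF = "\n".join([
    "diff --git a/config.py b/config.py",
    "--- a/config.py",
    "+++ b/config.py",
    "@@ -1,3 +1,5 @@",
    " DEBUG = False",
    f'-OLD_KEY = "{FAKE_AWS_KEY}"',   # removed line: not scanned
    f'+API_TOKEN = "{FAKE_PAT}"',
    f'+AWS_KEY = "{FAKE_AWS_KEY}"',
    "+-----BEGIN RSA PRIVATE KEY-----",
])


if __name__ == "__main__":
    ok, blocking = allowed_to_push(SAMPLE_DIFF)
    print("push allowed:", ok)
    for f in blocking:
        print(f"  blocked: {f.kind} at diff line {f.line_no} (fingerprint {fingerprint(f)})")
```

Wired into a `pre-push` hook, the diff text would come from `git diff` between the remote ref and the local ref being pushed; the point of the fingerprint is that a bypass approves one specific match, so a different secret of the same type still blocks the next push.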
-
GitHub users accidentally exposed 12.8 million authentication and sensitive secrets in over 3 million public repositories during 2023, with the vast majority remaining valid after five days. This is according to cybersecurity experts at GitGuardian, who sent out 1.8 million complimentary email alerts to those who exposed secrets, seeing only a tiny 1.8% of those contacted taking quick action to correct the error. #github #cybersecurity #authentication #dataleak
Over 12 million auth secrets and keys leaked on GitHub in 2023
bleepingcomputer.com