Linux bsp (kernel-uboot-secure boot) and middleware developer. Yocto, systemd and Babic's swupdate expert. Amazon Alexa built-in product developer. GitHub Action
Interesting Tips About GitHub Actions and Security Issues by GitGuardian.com GitHub Actions are incredibly useful and powerful when used correctly! Make sure to follow best practices for #Security and apply #MinimumPermissions to keep your workflows safe.
Most GitHub Actions workflows are insecure in some way https://lnkd.in/efgeY_7C #Infosec #Security #Cybersecurity #CeptBiro #GitHubActionsWorkflows #Insecure
GitHub Rotates Keys After High-Severity Vulnerability Exposes Credentials https://lnkd.in/dmtEatqq #Infosec #Security #Cybersecurity #CeptBiro #GitHub #Vulnerability #Credentials
Are your GitHub Actions workflows secure? New research from Snyk reveals vulnerabilities in popular repositories. Our blog post explores common scenarios, offers best practices for secure use, and introduces a free, open-source scanning tool. Learn how to streamline development without compromising security: https://snyk.co/ug1Nb
Most GitHub Actions workflows are insecure in some way https://lnkd.in/efgeY_7C #Infosec #Security #Cybersecurity #CeptBiro #GitHubActions #WorkflowsInsecure
The vulnerability detailed in the article involves a security flaw in GitHub's artifact upload feature, which attackers could exploit to inject malicious files into repositories. This vulnerability, referred to as "ArtiPacked," specifically targets artifact packages that are often used in CI/CD (Continuous Integration/Continuous Deployment) workflows. #cybersecurity #github #artifact #vulnerability
GitHub is under attack by millions of malicious repositories that are trying to exploit a vulnerability in its code scanning feature. The attack, which started on February 28, 2024, has been flooding GitHub with fake repositories that contain malicious code. The attackers are hoping to trick GitHub's code scanning feature into running the code and compromising the servers. Code scanning is a feature that GitHub introduced in 2020 to help developers find and fix security issues in their code. It uses a variety of tools and scanners to analyze the code and detect vulnerabilities. However, it seems that the feature has a flaw that allows attackers to execute arbitrary code on GitHub's servers. The attackers are creating millions of repositories with names that look like random strings of characters. Each repository contains a file named .github/workflows/main.yml, which is a configuration file for GitHub Actions, a feature that allows developers to automate tasks on GitHub. The file contains a malicious script that tries to run on GitHub's servers when the code scanning feature is triggered. GitHub has been working to mitigate the attack and block the malicious repositories. However, the attackers are constantly creating new ones, making it hard for GitHub to keep up. GitHub has also been notifying its users about the attack and advising them not to enable code scanning on any repository that they do not trust. The attack is still ongoing and it is not clear who is behind it or what their motive is. Some security experts have speculated that the attackers may be trying to steal sensitive data from GitHub or cause damage to its infrastructure. Others have suggested that the attack may be a prank or a demonstration of GitHub's vulnerability. GitHub is one of the most popular platforms for hosting and collaborating on software projects. It has over 100 million users and hosts over 200 million repositories. The attack could have serious consequences for GitHub and its users if it is not stopped soon. https://lnkd.in/gWiyVDt7
🔒 Protect your GitHub workflows! Automating processes with GitHub Actions enhances security, but only if done right. Learn about common attack vectors, from code injections to cache poisoning, and discover how to safeguard your CI/CD pipelines. Read our guest blog by Joyce Brum 👉: https://lnkd.in/etUPj7vg #OSSSecurty
GitHub Vulnerability “ArtiPACKED” Trigger RCE Exploit to Hack Repositories: The research identifies a critical security vulnerability in GitHub Actions artifacts, enabling unauthorized access to tokens and secrets within CI/CD pipelines. Misconfigured workflows in major organizations’ public repositories exposed sensitive information, potentially compromising cloud environments and allowing attackers to inject malicious code into production systems. By exploiting leaked GitHub tokens, adversaries could manipulate repositories and […] The post GitHub Vulnerability “ArtiPACKED” Trigger RCE Exploit to Hack Repositories appeared first on Cyber Security News. #CyberSecurity #InfoSec
GitHub Vulnerability 'ArtiPACKED' Exposes Repositories to Potential Takeover | Read more hacking news on The Hacker News cybersecurity news website and learn how to protect against cyberattacks and software vulnerabilities.
GitHub Releases Results of 2FA Requirements for Code Contributors - Australia Cyber Security Magazine: GitHub Releases Results of 2FA Requirements for Code Contributors Australia Cyber Security Magazine #CyberSecurity #InfoSec #SecurityInsights