Collaborate Disseminate
Finders Keypers is an open-source tool for analyzing the current usage of AWS KMS keys. It supports both AWS customer managed KMS keys and AWS Managed KMS keys. Use cases include: Identifying the blast radius of specific KMS keys and the resources they… Continue reading Finders Keypers: Open-source AWS KMS key usage finder
More details have come to light on the recent supply chain attack targeting GitHub Actions, including its root cause.
The post Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed appeared first on SecurityWeek.
Continue reading Impact, Root Cause of GitHub Actions Supply Chain Hack Revealed
Long-lived plaintext credentials have been involved in most breaches over the last several years, according to GitGuardian. When valid credentials, such as API keys, passwords, and authentication tokens, leak, attackers at any skill level can gain init… Continue reading 70% of leaked secrets remain active two years later
Dependency-Check is an open-source Software Composition Analysis (SCA) tool to identify publicly disclosed vulnerabilities within a project’s dependencies. The tool analyzes dependencies for Common Platform Enumeration (CPE) identifiers. When a m… Continue reading Dependency-Check: Open-source Software Composition Analysis (SCA) tool
GitHub security alert: Malicious code found in ‘tj-actions/changed-files,’ impacting 23K+ repos. Learn how to check, remove, and protect… Continue reading Malicious Code Hits ‘tj-actions/changed-files’ in 23,000 GitHub Repos
A phishing campaign targeting GitHub account owners has been trying to scare them with a fake security alert into allowing a malicious OAuth app access to their account and repositories. The fake security alert from GitHub GitHub users have taken to so… Continue reading GitHub project maintainers targeted with fake security alert
The tj-actions/changed-files GitHub Action, which is used in 23,000 repositories, has been targeted in a supply chain attack.
The post Popular GitHub Action Targeted in Supply Chain Attack appeared first on SecurityWeek.
Continue reading Popular GitHub Action Targeted in Supply Chain Attack
IntelMQ is an open-source solution designed to help IT security teams (including CERTs, CSIRTs, SOCs, and abuse departments) streamline the collection and processing of security feeds using a message queuing protocol. “Originally designed for CSI… Continue reading IntelMQ: Open-source tool for collecting and processing security feeds
Socket researchers said the malware-ridden packages were collectively downloaded over 330 times. GitHub removed all of the malicious packages Wednesday.
The post Lazarus Group deceives developers with 6 new malicious npm packages appeared first on CyberScoop.
Continue reading Lazarus Group deceives developers with 6 new malicious npm packages
NetBird is an open-source solution that integrates a configuration-free peer-to-peer private network with centralized access control, providing a single platform to build secure private networks for your organization or home. NetBird features NetBird c… Continue reading NetBird: Open-source network security