GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

Fraudsters redirected email and web traffic destined for several cryptocurrency trading platforms over the past week. The attacks were facilitated by scams targeting employees at GoDaddy, the world’s largest domain name registrar, KrebsOnSecurity has learned. Continue reading GoDaddy Employees Used in Attacks on Multiple Cryptocurrency Services

German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. Continue reading German COVID-19 Contact-Tracing Vulnerability Allowed RCE

Turning GitHub Into A URL Shortening Service

URL shortening services like TinyURL or Bitly have long become an essential part of the modern web, and are popular enough that even Google killed off their own already. Creating your own shortener is also a fun exercise, and in its core doesn’t require much more than a nifty domain …read more

Continue reading Turning GitHub Into A URL Shortening Service

youtube-dl Makes Their Case, Returns to GitHub

Last month, the GitHub repository for the popular program youtube-dl was taken down in response to a DMCA takedown notice filed by the Recording Industry Association of America (RIAA). The crux of the RIAA complaint was that the tool could be used to download local copies of music streamed from …read more

Continue reading youtube-dl Makes Their Case, Returns to GitHub

New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

By Waqas
Gitpaste-12 uses GitHub and Pastebin for framing the component code and has 12 different attack modules.
This is a post from HackRead.com Read the original post: New worming botnet Gitpaste-12 infecting IoT devices, Linux servers
Continue reading New worming botnet Gitpaste-12 infecting IoT devices, Linux servers

Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

Just months after Octopus Scanner was caught infecting 26 open-source projects on GitHub, new reports have already surfaced of another, new sophisticated malware infection. Gitpaste-12, a worming botnet, is extremely versatile in its advanced capa… Continue reading Gitpaste-12: A dozen exploits that silently lived on GitHub, attacked Linux servers

Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

A critical vulnerability (CVE-2020-27955) in Git Large File Storage (Git LFS), an open source Git extension for versioning large files, allows attackers to achieve remote code execution if the Windows-using victim is tricked into cloning the attacker&#… Continue reading Git LFS vulnerability allows attackers to compromise targets’ Windows systems (CVE-2020-27955)

How can the authenticity of releases on GitHub and GitLab be ensured? Can their hashsums change?

To help ensure authenticity of packages some projects on GitHub and on GitLab add hashsums to the descriptions of the release on the Releases page. Sometimes, at least here, the hashsum are made part of the release’s filename.
However, man… Continue reading How can the authenticity of releases on GitHub and GitLab be ensured? Can their hashsums change?

Enso Security raises $6M for its application security management platform

Enso Security, a Tel Aviv-based startup that is building a new application security platform, today announced that it has raised a $6 million seed funding round led by YL Ventures, with participation from Jump Capital. Angel investors in this round include HackerOne co-founder and CTO Alex Rice; Sounil Yu, the former chief security scientist at […] Continue reading Enso Security raises $6M for its application security management platform