Octopus Scanner Sinks Tentacles into GitHub Repositories

At least 26 different open-source code repositories were found to be infected with an unusual attack on the open-source software supply chain.

How GitHub untangled itself from the ‘Octopus’ malware that infected 26 software projects

For GitHub, not all reports about malicious software on its platform are of equal importance. The company behind the popular software repository, where developers often share code rather than building it from scratch, revealed this week that attackers were trying to exploit the open-source nature of the site to distribute malware. A hacking tool was designed to spread through software projects, then leave a “backdoor” that could offer hackers persistent access to the software. By infiltrating open-source software, hackers could have given themselves a foothold in code that was later included in corporate apps or websites. Open-source websites continue to represent valuable targets for hackers hoping that technology companies will adopt compromised tools to build their own software. (GitHub claims the site has tens of millions of users.) In this case, the malicious code — which spread to 26 different GitHub projects — is an example of the potentially insidious nature of open-source supply chain compromises. Dubbed Octopus Scanner, […]

The post How GitHub untangled itself from the ‘Octopus’ malware that infected 26 software projects appeared first on CyberScoop.


Microsoft Releases the Source Code You Wanted Almost 30 Years Ago

In the late 1970s and early 1980s, if you had a personal computer there was a fair chance it either booted into some version of Microsoft Basic or you could load and run Basic. There were other versions, of course, especially for very small computers, but the gold standard for …


Microsoft Open-Sources Fluid Framework, Launches Preview for Outlook and Office Online

Microsoft is open-sourcing its Fluid Framework on GitHub, and launching the first way for end users to use the new framework in Microsoft 365 with Fluid Workspaces and Components.

How GitOps Raises the Stakes for Application Security

The rise of GitOps comes from the industry’s increased adoption of Kubernetes. As organizations and teams shift towards Kubernetes, scaling their cluster management practices becomes imperative as teams and workloads grow in size. This is where G…