Git

Export and Distribute SBOMs Directly From Your Git Repositories

Mar 24, 2022 By RKVST In DataTrails

Guest Blog by Daniel Parmenvik – CEO of bytesafe.dev For many, Software Bill of Materials (SBOMs) have changed from a manual list of assets for due diligence procedures to become an integral and automated part of software development. The ever increasing appetite for open-source software translates into a need to keep track of software assets (or open-source dependencies) for all applications, at any given point in time.

Read Post

DataTrails

Read more about Export and Distribute SBOMs Directly From Your Git Repositories

SSH and Git, meet 1Password

Mar 15, 2022 By Dave Teare In 1Password

1Password now includes full support for SSH keys, providing the easiest and most secure way for developers to manage SSH keys and use Git in their daily workflow.

Read Post

1Password

Read more about SSH and Git, meet 1Password

Cloud Threats Memo: Tightening Up Leaky GitHub Repositories

Mar 8, 2022 By Paolo Passeri In Netskope

Another day, another cloud service leaking personal data because of a misconfiguration. And before you jump to any conclusions, no, it’s not a leaky bucket on AWS S3 or a public blob on Microsoft Azure… The culprit is, once again, GitHub, where an open-source hardware manufacturer has inadvertently left exposed a private-to-public repository that “could have enabled unauthorized access to information about certain user accounts on or before 2019.”

Read Post

Netskope

Read more about Cloud Threats Memo: Tightening Up Leaky GitHub Repositories

Cloud Threats Memo: New Malicious Campaign Using GitHub for Command and Control

Feb 2, 2022 By Paolo Passeri In Netskope

State-sponsored threat actors continue to exploit legitimate cloud services. In their latest campaign, uncovered by Malwarebytes during January 2022, the North Korean group Lazarus (AKA HIDDEN COBRA) has been carrying out spear phishing attacks, delivering a malicious document masquerading as a job opportunity from Lockheed Martin (37% of malware is now delivered via Office documents).

Read Post

Netskope

Read more about Cloud Threats Memo: New Malicious Campaign Using GitHub for Command and Control

BotenaGo strikes again - malware source code uploaded to GitHub

Jan 26, 2022 By Ofer Caspi In AT&T Cybersecurity

In November 2021, AT&T Alien Labs™ first published research on our discovery of new malware written in the open-source programming language Golang. The team named this malware “BotenaGo.” In this article, Alien Labs is updating that research with new information.

Read Post

AT&T Cybersecurity

Read more about BotenaGo strikes again - malware source code uploaded to GitHub

GitHub Integration 1.0 - Installation & Setup

Jan 5, 2022 By Mend In Mend

This is the first video in a series describing how WhiteSource can integrate with GitHub to detect open source artifacts and their known vulnerabilities and licensing risks. This video will focus on setting up a repository to be scanned automatically on a valid push.

View Video

Mend

Read more about GitHub Integration 1.0 - Installation & Setup

Veracode and Github Integration

Nov 22, 2021 By Veracode In Veracode

This video shows how to integrate Veracode’s Static Analysis solution to automate scans and consume results in the GitHub platform.

View Video

Veracode

Read more about Veracode and Github Integration

Malware analysis: Hands-On Shellbot malware

Nov 2, 2021 By Alberto Pellitteri In Sysdig

Malware analysis is a fundamental factor in the improvement of the incident detection and resolution systems of any company. The Sysdig Security Research team is going to cover how this Shellbot malware works and how to detect it. Shellbot malware is still widespread. We recorded numerous incidents despite this being a relatively old and known attack that is also available on open Github repositories.

Read Post

Sysdig

Read more about Malware analysis: Hands-On Shellbot malware

How To Use Teleport: Using GitHub for Single Sign On (SSO)

Sep 17, 2021 By Teleport In Teleport

How to setup Teleport to use Github Teams to provide access to your infrastructure. This guide explains how to set up Github SSO with Open Source, Enterprise Teleport, self-hosted or cloud.

View Video

Teleport

Read more about How To Use Teleport: Using GitHub for Single Sign On (SSO)

Anatomy of a Cloud Infrastructure Attack via a Pull Request

Sep 16, 2021 By Walt Della In Teleport

In April 2021, I discovered an attack vector that could allow a malicious Pull Request to a Github repository to gain access to our production environment. Open source companies like us, or anyone else who accepts external contributions, are especially vulnerable to this. For the eager, the attack works by pivoting from a Kubernetes worker pod to the node itself, and from there exfiltrating credentials from the CI/CD system.

Read Post

Teleport

Read more about Anatomy of a Cloud Infrastructure Attack via a Pull Request

Subscribe to Git

Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Git

Export and Distribute SBOMs Directly From Your Git Repositories

SSH and Git, meet 1Password

Cloud Threats Memo: Tightening Up Leaky GitHub Repositories

Cloud Threats Memo: New Malicious Campaign Using GitHub for Command and Control

BotenaGo strikes again - malware source code uploaded to GitHub

GitHub Integration 1.0 - Installation & Setup

Veracode and Github Integration

Malware analysis: Hands-On Shellbot malware

How To Use Teleport: Using GitHub for Single Sign On (SSO)

Anatomy of a Cloud Infrastructure Attack via a Pull Request

Monthly Archive

Follow Us