GitHub - Tagged - Security Boulevard: The Home of the Security Bloggers Network. Tue, 26 Mar 2024 19:37:21 +0000

Complex Supply Chain Attack Targets GitHub Developers https://securityboulevard.com/2024/03/complex-supply-chain-attack-targets-github-developers/ Tue, 26 Mar 2024 18:42:46 +0000 https://securityboulevard.com/?p=2013043

Unidentified threat actors used multiple tactics to launch a sophisticated software supply-chain campaign targeting developers on the GitHub platform, including members of the popular Top.gg community, which has more than 170,000 members. The attackers used a range of tactics and techniques, from leveraging stolen browser cookies to take over accounts to contributing malicious code with..

The post Complex Supply Chain Attack Targets GitHub Developers appeared first on Security Boulevard.

Sentry, GitHub Use AI to Help Fix Coding Errors https://securityboulevard.com/2024/03/sentry-github-use-ai-to-help-fixing-coding-errors/ Thu, 21 Mar 2024 15:43:14 +0000 https://securityboulevard.com/?p=2012606

Developers are getting more help detecting and addressing bugs in their code through new AI-based tools that Sentry.io and GitHub each introduced this week. Sentry unveiled the beta of Autofix, a feature that uses the company’s machine learning and AI capabilities and is aimed at debugging errors in production by leveraging what the vendor knows about..

The post Sentry, GitHub Use AI to Help Fix Coding Errors appeared first on Security Boulevard.

GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL https://securityboulevard.com/2024/02/github-repo-confusion-supply-chain-richixbw/ Thu, 29 Feb 2024 16:37:11 +0000 https://securityboulevard.com/?p=2010508

Forking hell: Scrotebots clone thousands of projects, injecting malware millions of times.

The post GitHub Fights Forks — Millions of Them — Huge Software Supply Chain Security FAIL appeared first on Security Boulevard.

‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub https://securityboulevard.com/2024/01/mercedes-benz-leak-github-richixbw/ Tue, 30 Jan 2024 17:41:29 +0000 https://securityboulevard.com/?p=2007038

Oh, Lord: My friends all hack Porsches—I must make amends.

The post ‘Extremely serious’ — Mercedes-Benz Leaks Data on GitHub appeared first on Security Boulevard.

Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs https://securityboulevard.com/2023/12/attackers-finding-novel-ways-to-abuse-github-reversinglabs/ Wed, 20 Dec 2023 21:57:26 +0000 https://securityboulevard.com/?p=2002687

Threat actors are finding new ways to take advantage of GitHub in hopes of tricking developers into putting malicious code into their software and sending it to users downstream, according to researchers with ReversingLabs. Code repositories like GitHub and Python Package Index (PyPI) are popular targets for hackers who want to abuse the software supply chain..

The post Attackers Finding Novel Ways to Abuse GitHub: ReversingLabs appeared first on Security Boulevard.

NSA Releases EliteWolf GitHub Repository for Securing OT Environments https://securityboulevard.com/2023/10/nsa-releases-elitewolf-github-repository-for-securing-ot-environments/ Fri, 13 Oct 2023 16:03:10 +0000 https://securityboulevard.com/?p=1992361

The National Security Agency released a code repository in GitHub to make it easier for critical infrastructure organizations and similar entities to better identify and detect potentially malicious activities in their operational technology (OT) environments. The agency announced this week that it released the repository for OT Intrusion Detection Signatures and Analytics to the NSA..

The post NSA Releases EliteWolf GitHub Repository for Securing OT Environments appeared first on Security Boulevard.

Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security https://securityboulevard.com/2023/10/biggest-github-code-security-threats-software-supply-chain-security-contrast-security/ Thu, 12 Oct 2023 20:54:42 +0000 https://www.contrastsecurity.com/security-influencers/biggest-github-code-security-threats-software-supply-chain-security-contrast-security

GitHub is the Megalodon of source code hosts, and as such, it sports a gargantuan bulls-eye that flashes neon to hackers looking to poison the software supply chain.

The post Biggest GitHub code security threats | Software Supply Chain Security | Contrast Security appeared first on Security Boulevard.

GitHub Repositories Victimized Amid Supply Chain Attack https://securityboulevard.com/2023/10/github-repositories-victimized-amid-supply-chain-attack/ Thu, 12 Oct 2023 09:00:15 +0000 https://tuxcare.com/?p=13511

In a digital landscape rife with vulnerabilities, a recent and disconcerting phenomenon has come to light. GitHub repositories, the foundation of numerous software projects, have been victimized by a devious supply chain attack. This well-planned supply chain attack on GitHub repositories, found in July 2023, involved the hacking of GitHub accounts as well as the […]

The post GitHub Repositories Victimized Amid Supply Chain Attack appeared first on TuxCare.

The post GitHub Repositories Victimized Amid Supply Chain Attack appeared first on Security Boulevard.

Beware: WinRAR Vulnerability PoC Exposed https://securityboulevard.com/2023/10/beware-winrar-vulnerability-poc-exposed/ Wed, 04 Oct 2023 09:00:33 +0000 https://tuxcare.com/?p=13396

A hacker recently posted a fake proof-of-concept (PoC) exploit for a previously patched WinRAR vulnerability, which is a concerning revelation. The goal of this malevolent operation was to infect unsuspecting downloaders with the infamous VenomRAT virus. While the immediate threat has been mitigated, this incident highlights the risks of simply accepting PoCs obtained from services […]

The post Beware: WinRAR Vulnerability PoC Exposed appeared first on TuxCare.

The post Beware: WinRAR Vulnerability PoC Exposed appeared first on Security Boulevard.

Cybersecurity Insights with Contrast CISO David Lindner | 9/29 https://securityboulevard.com/2023/09/cybersecurity-insights-with-contrast-ciso-david-lindner-9-29/ Fri, 29 Sep 2023 13:00:00 +0000 https://www.contrastsecurity.com/security-influencers/cybersecurity-insights-with-contrast-ciso-david-lindner-9/15-1

Insight #1

For years — since 2018 — the National Institute of Standards and Technology (NIST) has said that password length trumps password complexity requirements. Now LastPass is forcing users into choosing a longer password. This is a brilliant move. More companies should force long passwords (12 characters or more) by default.

The post Cybersecurity Insights with Contrast CISO David Lindner | 9/29 appeared first on Security Boulevard.
