Security news that informs and inspires

Archive

5 results for tag Github:

Flaw in Crypto Library Causes Revocation of SSH Keys for Git Services

A flaw in the keypair library that caused it to generate weak RSA keys for SSH has caused GitHub and other services to revoke many organizations' keys.

Github, Cryptography

GitHub Drops Passwords in Favor of 2FA

GitHub has eliminated support for passwords for Git operations and now requires the use of a hardware security key or other strong 2FA option.

Supply Chain, Github

Malware Infects NetBeans Projects In Software Supply Chain Attack

The Octopus Scanner malware compromised 26 open source projects hosted on GitHub in a new supply chain attack targeting NetBeans projects, GitHub Security Lab said.

Supply Chain, Appdev, Github

GitHub Expands Scanning to Find Security Flaws in Code

The goal for secure software isn’t to never have vulnerabilities, but to be able to find vulnerabilities as soon as possible so that they can be fixed. GitHub has expanded its code scanning capabilities to make it easier for developers to identify flaws in projects that are managed on its platform.

Open Source, Github, Vulnerability, Appdev

GitHub’s npm Acquisition Will Boost JavaScript Security

The security of the JavaScript software ecosystem will get a significant boost with GitHub acquiring npm, which hosts and maintains the Node package manager and the package registry. GitHub has the resources to invest in robust and stable infrastructure, thorough vetting of software packages, and integration into GitHub's other services.

Javascript, Github, Appsec