S3 Ep95: Slack leak, Github onslaught, and post-quantum crypto [Audio + Text]
Latest episode – listen now! (Or read the transcript if you prefer.)
Want to know more about this topic or about us? Contact us!
Latest episode – listen now! (Or read the transcript if you prefer.)
If you spew projects laced with hidden malware into an open source repository, don’t waste your time telling us “no harm done” afterwards.
Latest episode – listen now!
Learn how to find out which apps you’ve given access rights to, and how to revoke those rights immediately in an emergency.
Training data stashed in GitHub by mistake… unfortunately, it was *real* data
Impacted are PHP-based websites running a vulnerable version of the web-app creation tool Zend Framework and some Laminas Project releases.
The worm returned in recent attacks against web applications, IP cameras and routers. The Gitpaste-12 worm has returned in new attacks targeting web applications, IP cameras and routers, this time with an expanded set of exploits for initially compromising devices. First discovered in a round of late-October attacks that targeted Linux-based . . . Read more
Bug hunters at GitHub Security Labs help shore up German contact tracing app security, crediting open source collaboration. A security vulnerability in the infrastructure underlying Germany’s official COVID-19 contact-tracing app, called the Corona-Warn-App (CWA), would have allowed pre-authenticated remote code execution (RCE). Researcher Alvaro Muñoz wrote in a report this . . . Read more
The newly discovered malware uses GitHub and Pastebin to house component code, and harbors 12 different initial attack vectors.
The administrator of your personal data will be Threatpost, Inc., 500 Unicorn Park, Woburn, MA 01801. Detailed information on the processing of personal data can be found in the privacy policy. In addition, you will find them in the message confirming the subscription to the newsletter.