GitHub will revoke three password-protected code-signing certificates for its Desktop and Atom applications on Thursday of this week. GitHub detected unauthorized access to repositories in early December 2022. The revocation will invalidate certain versions of Desktop and Atom as of February 2. Mac users are urged to update to the latest version of Desktop (2.3.1.5 …
GitHub
Question When navigating Microsoft Github for software download, I noticed that the page had a variety of files, none of which were .msi, exe, or zip formats. How can I quickly locate the installation files without taking the time to search? Answer GitHub is an open-source repository providing access to source code and select executables …
The biggest story, by far, even if it didn’t get any media coverage, was Slack’s secret data breach disclosure published just ahead of New Year’s Eve. The company said a threat actor stole “Slack employee tokens” and gained access to its GitHub source code repositories. This happened on December 27, according to Slack, and the …
Question I am using the Free Version of GitHub. May I know the steps and suggestions for how to grant a specific user who I invited to access to my GitHub secure repository? Answer Step 1: On GitHub.com, navigate to the main page of the repository. Step 2: Click the Settings under the repository name. …
Updated on 2022-12-15: GitHub rolls out free secret scanning to everyone GitHub also announced this week that its secrets/toke-scanning feature is being expanded from private repos to all users. This is a big big win! Updated on 2022-12-14 GitHub to extend support for the free scanning of exposed secrets, including authentication tokens and credentials, to …
Updated on 2022-11-06: Dropbox phishing attack exposed some GitHub-stored code Cloud giant Dropbox confirmed a data breach this week affecting its development environment. Dropbox said in a post-mortem that no customer data, content, passwords or payment info was taken. While limited in nature and contained, the disclosure explains what went wrong and why. (Yes, even …
Updated on 2022-10-24: GitHub Repositories with Phony PoCs and Malware In a technical paper published earlier this month, researchers from Leiden Institute of Advanced Computer Science present findings from their study of the distribution of malicious proof-of-concept exploits on GitHub. In their paper, the researchers write, “We have proposed an approach to detect if a …
Updated on 2022-09-23: Phishing Campaign Targets GitHub and CircleCI Users A phishing campaign is targeting customers of GitHub and the CircleCI continuous integration and delivery platform in an attempt to harvest account credentials. Both companies have notified their customers bout the malicious emails. Note It appears that there has been a significant increase in phishing …
