git Archives - Developer Tech News

EMERALDWHALE exploits vulnerable Git configuration files

Ryan Daws — Fri, 01 Nov 2024 15:35:46 +0000

Sysdig’s Threat Research Team (TRT) has uncovered a global operation known as EMERALDWHALE, which has stolen over 15,000 cloud service credentials by exploiting exposed Git configuration files. EMERALDWHALE utilised multiple private tools to exploit several misconfigured web services, resulting in the theft of credentials from more than 10,000 private repositories. Though the operation’s primary targets... Read more »

The post EMERALDWHALE exploits vulnerable Git configuration files appeared first on Developer Tech News.

GitHub Copilot users gain access to Stack Overflow knowledge

Ryan Daws — Tue, 29 Oct 2024 16:10:02 +0000

Stack Overflow has launched an extension for GitHub Copilot that promises to improve how developers find solutions. The extension allows users to pose questions directly within the AI-driven coding assistant and receive summarised responses informed by Stack Overflow’s extensive knowledge base. GitHub and Stack Overflow’s partnership aims to aid developers in tackling their most challenging... Read more »

The post GitHub Copilot users gain access to Stack Overflow knowledge appeared first on Developer Tech News.

GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability

Ryan Daws — Thu, 22 Aug 2024 12:26:30 +0000

GitHub has released Enterprise Server 3.13.3, addressing several security vulnerabilities, including a critical flaw affecting instances using SAML single sign-on. Alongside security patches, the update delivers bug fixes, minor feature enhancements, and changes to the platform. The most pressing issue tackled by this update is a critical vulnerability (CVE-2024-6800) impacting instances employing SAML SSO with... Read more »

The post GitHub Enterprise Server 3.13.3 tackles critical SAML vulnerability appeared first on Developer Tech News.

Unit 42 researchers uncover critical GitHub Actions vulnerability

Ryan Daws — Thu, 15 Aug 2024 11:03:55 +0000

A new attack vector that could compromise GitHub repositories has been uncovered by researchers at Palo Alto Networks’ Unit 42 team. The vulnerability, which exploits GitHub Actions artifacts generated during CI/CD workflows, could potentially grant high-level access to cloud environments. The researchers found that a combination of misconfigurations and security flaws can cause artifacts to... Read more »

The post Unit 42 researchers uncover critical GitHub Actions vulnerability appeared first on Developer Tech News.

GitLab update addresses pipeline execution vulnerability

Ryan Daws — Thu, 11 Jul 2024 13:05:35 +0000

GitLab has released critical security updates to address multiple vulnerabilities, including a high-severity flaw that could allow attackers to run pipeline jobs as arbitrary users. The company strongly recommends all GitLab installations be upgraded immediately to the latest versions: 17.1.2, 17.0.4, or 16.11.6 for both Community Edition (CE) and Enterprise Edition (EE). The most critical... Read more »

The post GitLab update addresses pipeline execution vulnerability appeared first on Developer Tech News.

CISA sounds alarm on critical GitLab flaw under active exploit

Ryan Daws — Thu, 02 May 2024 13:51:18 +0000

The US Cybersecurity and Infrastructure Security Agency (CISA) has labelled a critical vulnerability affecting the popular Git-based repository manager GitLab as a Known Exploited Vulnerability (KEV). The move comes in response to active exploitation attempts detected in the wild, underscoring the urgency for organisations to promptly apply security updates. Tracked as CVE-2023-7028, the severe flaw... Read more »

The post CISA sounds alarm on critical GitLab flaw under active exploit appeared first on Developer Tech News.

GitHub rotates credentials following vulnerability discovery

Ryan Daws — Wed, 17 Jan 2024 16:58:10 +0000

GitHub has rotated encryption keys following the discovery of a vulnerability that could have enabled threat actors to steal credentials, the company revealed Tuesday. The Microsoft-owned firm said it first became aware of the high-severity security flaw tracked as CVE-2024-0200 on 26 December 2023. After investigating the issue and verifying there was no evidence it... Read more »

The post GitHub rotates credentials following vulnerability discovery appeared first on Developer Tech News.

GitHub now serves over 100M developers

Ryan Daws — Mon, 30 Jan 2023 16:25:11 +0000

GitHub has achieved its goal to serve 100 million developers with two years to spare. In 2019, GitHub set a goal to have 100 million developers using the service by 2025. In a blog post, GitHub announced that it’s already reached that historic milestone. GitHub CEO Thomas Dohmke wrote: “Today, I’m excited to share that... Read more »

The post GitHub now serves over 100M developers appeared first on Developer Tech News.

GitHub now sends Dependabot alerts for vulnerable Actions

Ryan Daws — Thu, 11 Aug 2022 15:18:52 +0000

GitHub has announced that it will begin sending Dependabot alerts when it detects vulnerable GitHub Actions. GitHub Actions makes it easy for developers to automate their workflows. Dependabot, meanwhile, automatically updates dependencies to keep your projects secure. When an Action vulnerability is discovered, GitHub’s team of security researchers will create an advisory to document it.... Read more »

The post GitHub now sends Dependabot alerts for vulnerable Actions appeared first on Developer Tech News.

GitLab pivots on decision to wipe dormant projects

Ryan Daws — Fri, 05 Aug 2022 12:05:25 +0000

GitLab appears to have pivoted on a decision to automatically wipe dormant projects. On Thursday, The Register reported that GitLab planned to delete projects that have been inactive for a year and are owned by free users. The policy was due to come into effect in late September. GitLab is said to have estimated the... Read more »

The post GitLab pivots on decision to wipe dormant projects appeared first on Developer Tech News.