HackDig : Dig high-quality web security articles for hackers

GitHub users targetted by Sawfish phishing campaign

byDanny BradburyGitHub users beware: online criminals have launched a phishing campaign to try and gain access to your accounts.The Microsoft-owned source code collaboration and version control service reported the campaign, which it calls Sawfish, on Tuesday 14 April. Users were reporting emails that tried to lure them into entering their GitHub credentials
Publish At:2020-04-17 05:35 | Read:513 | Comments:0 | Tags:Phishing github phishing email Sawfish

GitOps Security with k8s-security-configwatch

the k8s-security-configwatch GitHub Action, an open source tool from Sysdig, secures your GitOps workloads by detecting changes on your Kubernetes security configuration. Imagine this scenario: The Secure DevOps team of the “Kubernetes Swag” store is going crazy investigating a security alarm; their Kubernetes containers keep being comprom
Publish At:2020-03-05 15:44 | Read:532 | Comments:0 | Tags:Uncategorized compliance Github Github Actions GitOps Kubern

Image scanning for CircleCI

In this blog post, we are going to cover how to perform container image scanning for CircleCI using Sysdig Secure. Image scanning allows DevOps teams to detect and resolve issues, like known vulnerabilities and incorrect configurations, directly in their CI/CD pipelines. Using Sysdig Secure, you can enforce image policies to block vulnerabilities befo
Publish At:2020-02-20 14:09 | Read:386 | Comments:0 | Tags:Kubernetes Sysdig Secure CircleCI falco Github Openshift

Image Scanning with Github Actions

In this blog post, you will learn how to setup image scanning with Github Actions using Sysdig Secure DevOps Platform. We will create a basic workflow to perform a local scan to detect vulnerabilities and bad practices before the image is pushed to any registry. We will also customize scanning policies to stop the build according to a set of defined rules.
Publish At:2020-01-14 23:50 | Read:607 | Comments:0 | Tags:Sysdig Secure Docker Github Github Actions Kubernetes

Retailer Orvis.com Leaked Hundreds of Internal Passwords on Pastebin

Orvis, a Vermont-based retailer that specializes in high-end fly fishing equipment and other sporting goods, leaked hundreds of internal passwords on Pastebin.com for several weeks last month, exposing credentials the company used to manage everything from firewalls and routers to administrator accounts and database servers, KrebsOnSecurity has learned. Orvi
Publish At:2019-11-12 03:35 | Read:870 | Comments:0 | Tags:A Little Sunshine alex holden GitHub Hold Security Orvis pas

Image scanning for Azure Pipelines

In this blog post, you’ll learn how to setup image scanning for Azure Pipelines using Sysdig Secure DevOps Platform. Azure DevOps gives teams tools like version control, reporting, project management, automated builds, lab management, testing, and release management. Azure Pipelines automates the execution of CI/CD tasks, like building the container i
Publish At:2019-11-11 23:50 | Read:714 | Comments:0 | Tags:Sysdig Secure Azure Azure Pipelines falco Github Kubernetes

A week in security (October 7 – 13)

Last week on Malwarebytes Labs, we peered into the possible future of cybersecurity insurance, described the process for securing today’s managed service provider, and provided an in-depth explainer on the business espionage tactic known as “war shipping.” Further, in considering the intersection of National Cybersecurity Awareness Month and National Dom
Publish At:2019-10-14 23:20 | Read:1185 | Comments:0 | Tags:A week in security amazon body cams bots chrome cybersecurit

Black Hat 2017 – GitPwnd tool could be used by attackers to communicate with compromised devices via Git repositor

Black Hat 2017 – Security experts develop GitPwnd, a tool that could be used by attackers to communicate with compromised devices via Git repositories. Even if the Black Hat conference was ended a few days ago, here we are discussing interesting talks of cyber security experts that participated at the event. Clint Gibler, a security researcher at NCC G
Publish At:2017-08-04 21:15 | Read:4460 | Comments:0 | Tags:Breaking News Hacking backdoor cyber espionage GitHub GitPwn

Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer

The author of a banking Trojan called Nuclear Bot — a teenager living in France — recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man’s father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set b
Publish At:2017-04-06 19:25 | Read:5187 | Comments:0 | Tags:Other Arbor Networks Augustin Inzirillo Daniel Inzirillo Flo

Owners of GitHub repositories targeted by the Dimnie data-stealer malware

Since mid-January, attackers have targeted owners of GitHub repositories with the Dimnie data-stealer malware. It is a relatively unknown threat actor. Attackers have targeted developers having Github repositories with a data-stealing malware called Dimnie. The malicious code includes keylogging features and modules that capture screenshots. The Dimnie malwa
Publish At:2017-03-31 10:25 | Read:4567 | Comments:0 | Tags:Breaking News Cyber Crime Malware Dimnie malware GitHub Hack

The Winnti Gang continues its activity and leverages GitHub for C&C Communications

Trend Micro discovered the Chinese threat actor Winnti has been abusing GitHub service for command and control (C&C) communications. Security experts at Trend Micro continue to monitor the activities of the Chinese Winnti hacker group, this time the hackers have been abusing GitHub for command and control (C&C) communications. “Recently, the Wi
Publish At:2017-03-26 19:40 | Read:4110 | Comments:0 | Tags:Breaking News Cyber Crime Hacking backdoor cyber espionage G

Winnti Abuses GitHub for C&C Communications

With additional analysis from Cyber Safety Solutions Team Developers constantly need to modify and rework their source codes when releasing new versions of applications or coding projects they create and maintain. This is what makes GitHub—an online repository hosting service that provides version control management—popular. In many ways, it’s like a social
Publish At:2017-03-24 00:25 | Read:4915 | Comments:0 | Tags:Malware Targeted Attacks GitHub plugX Winnti

GitHub said that leaked passwords were used to access its accounts

On Tuesday evening Github became aware of unauthorized attempts to access a large number of its accounts, in response the company has reset their passwords. GitHub announced it has reset the passwords of a number of accounts after the company noticed unauthorized access. The hackers used credentials leaked online after the numerous data breaches suffered by
Publish At:2016-06-18 03:45 | Read:3610 | Comments:0 | Tags:Breaking News Cyber Crime Hacking Cybercrime data breach Git

GitHub attacker launched massive login campaign using stolen passwords

On June 14, someone using what appears to have been a list of e-mail addresses and passwords obtained from the breach of "other online services" made a massive number of login attempts to GitHub's repository service. A review of logins by GitHub's administrators found that the attacker had gained access to a number of accounts, according to a blog post by Sh
Publish At:2016-06-17 05:35 | Read:4719 | Comments:0 | Tags:Risk Assessment Technology Lab GitHub password leak

Security week-in-review: Mobile phone thief thwarted by “Theftie”

It’s hard to keep up with the hundreds of security-specific headlines published every week. So, we’re rounding up the top news that affect you, your business, and the security and technology industry overall. This week we explore a thefties, Firefox vulns, and a warning: don’t upload your Slack credentials to Github! Check back every Friday to learn about t
Publish At:2016-04-30 01:50 | Read:4934 | Comments:0 | Tags:Security Firefox Github law enforcement mobile security Mozi

Announce

Share high-quality web security related articles with you:)

Tools