InfoWorld

Possible software supply chain attack through AWS CodeBuild service blunted

Wiz researchers investigated and found the core of the flaw, a threat actor ID bypass due to unanchored regexes, and notified ...
The Hacker News

AWS CodeBuild Misconfiguration Exposed GitHub Repos to Potential Supply Chain Attacks

A misconfigured AWS CodeBuild webhook allowed bypass of actor ID checks, risking takeover of four AWS GitHub repositories ...
Dark Reading

Dropbox Code Repositories Stolen in Cyberattack on GitHub-Based Developers

A massive phishing campaign targeting GitHub users convinced at least one developer at Dropbox to enter in their credentials and a two-factor authentication code, leading to the theft of at least 130 ...

Target's dev server offline after hackers claim to steal source code

Hackers are claiming to be selling internal source code belonging to Target Corporation, after publishing what appears to be ...
ZDNet

Code execution bug in malicious repositories resolved by Git Project

The Git Project has disclosed the existence of a severe vulnerability which can lead to the execution of arbitrary code. The vulnerability, CVE-2018-17456, was disclosed on Friday. The ...
Ars Technica

GitHub says hackers cloned code-signing certificates in breached repository

GitHub said unknown intruders gained unauthorized access to some of its code repositories and stole code-signing certificates for two of its desktop applications: Desktop and Atom. Code-signing ...
InfoQ

Google Releases New Code Search in Beta in Revamped Cloud Source Repositories

Unlock the full InfoQ experience by logging in! Stay updated with your favorite authors and topics, engage with content, and download exclusive resources. Vivek Yadav, an engineering manager from ...
CSOonline

4 tools to prevent leaks in public code repositories

Use these tools to find your company's exposed secrets in repositories such as GitLab, GitHub, or Google Cloud Build before attackers do. Secrets stored in Git repositories have been a thorn in the ...
IPWatchdog

Your Developers Could Be Publicly Disclosing Source Code By Using Third-Party Code Repositories

“It is important to keep in mind that courts have found that the mere intent to keep the document confidential is insufficient.” Recently, I met with a potential client to discuss key points that ...

Target hack claims surface as source code allegedly listed for sale online

The post Target Hack Claims Surface as Source Code Allegedly Listed for Sale Online appeared first on Android Headlines.
Bleeping Computer

Slack's private GitHub code repositories stolen over holidays

Slack suffered a security incident over the holidays affecting some of its private GitHub code repositories. The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at ...
Dark Reading

35K Malicious Code Insertions in GitHub: Attack or Bug-Bounty Effort?

A hacker going by the handle "Pl0xP" cloned a large number of GitHub repositories and slightly changed the cloned repository names, in a typosquatting effort to impersonate legitimate projects — thus ...