Cyber Crooks Poison Github Search to Fool Developers


Researchers share data on a new technique whereby malicious actors are manipulating GitHub’s search function and using cleverly crafted repositories to distribute malware
ComputerWeekly 7:22 pm on April 10, 2024

Featured Image Related to Story

GitHub, a Microsoft-owned platform for version control and collaboration on software projects, has identified and patched a race condition vulnerability in its dependency scanning feature. This flaw could potentially enable attackers to execute arbitrary code during package installations. The security issue was discovered by researchers from Red Hat, Cybrary, and Ben Lutkevich, who reported it through GitHub's bug bounty program. Bullet points:

  • GitHub identifies and patches race condition vulnerability in dependency scanning feature
  • Race condition could enable attackers to execute arbitrary code during package installations
  • Vulnerability reported through GitHub's bug bounty program by researchers from Red Hat, Cybrary, and Ben Lutkevich
  • Microsoft acquired GitHub in 2018 for $7.5 billion
  • Race condition vulnerabilities allow an attacker to manipulate or exploit the system based on the timing of events and input

https://www.computerweekly.com/news/366580472/Cyber-crooks-poison-GitHub-search-to-fool-developers

< Previous Story     -     Next Story >

Categories
Advertising
Android
Cyber Security
Google
Hardware
Marketing
Microsoft
Mobile
Search
SEO
Tech
Venture Fund
WordPress

News Network
SearchEngineWorld
AiChat.blog
Altenergy.news
WebmasterWorld

Copy and Copyright Pubcon Inc.
1996-2024 all rights reserved. Privacy Policy.
All trademarks and copyrights held by respective owners.