GitHub is a useful development and versioning environment – part of its growth was to acquire another similar service, NPM – a software depository. The software depository is now under possible attack from the simple tactic of threat actors offering malicious packages with names that are just slightly different from the …
Another botnet expanding its malicious capabilities
The EnemyBot malware has added VMware and F5 critical flaws to its attack vectors: EnemyBot malware adds enterprise flaws to exploit arsenal • The Register. The worst thing about this malware (other than if it infects your systems) is that the “unarmed” code is available on GitHub.
Our trust in public code – UPDATED 24 May 2022
The original post was made on 12 May 2022. Update 24 May 2022. Python is a popular coding language and many code libraries exist to make the programmer’s life a little easier. But, as indicated in the articles below, if that open source code becomes popular, then it also becomes …
GitHub to require 2FA for all users by end of 2023!
GitHub is a valuable resource to software developers and so it is a key tool being used in many software supply chains. And we now know how vulnerable we all are to software supply chain hacking – look at this example. So my response when I saw this was the …
Tampering with open source software
Recently the security of open source software has been questioned, particularly with respect to Linux vulnerabilities that have a huge impact due to Linux’s use as internet infrastructure. When volunteer coders are keeping the software secure, who takes responsibility? Steps have started to be taken to increase the security …