GitHub | Breaking Cybersecurity News | The Hacker News

Open Source is the Future of the computer science world! On Wednesday, the popular coding website GitHub shared a graph that gives a closer look at the popularity of different programming languages used on its code sharing website that lets anyone edit, store, and collaborate on software code. Since its launch in 2008, GitHub saw various programming languages picking up momentum, as shown in the graph below. An insight into what GitHub is… GitHub is a web-based repository that operates on the functionality of a 'Git,' which is strictly a command-line tool. With 10 Million users as of today, the platform has become the primary source of housing open source software that is free of cost available to the world at large. A look at the picture of programming trends on GitHub over recent years is actually a look at how the computer world is evolving. Top 10 Programming Languages Here are the Top 10 Programming Languages on GitHub today: JavaS

China has something very impressive that we are not aware of. The country has a powerful and previously unknown weapon that its government is using to bolster their cyber attack capabilities: Dubbed " The Great Cannon. " INTERNET CENSORSHIP IN CHINA When I talk about Internet censorship, it is incomplete if I don't mention China. China is famous for its Great Wall of China and Great Firewall of China . The censoring of Internet access and blocking an individual website in China by its government, known as the Great Firewall of China. But, why the Chinese government does that? The answer is very simple: The Chinese government restricts those contents it deems sensitive for its country's so-called democracy. It illegalize certain online speech and activities, block selected websites, and filter keywords out of searches initiated from computers located in Mainland China. The worse: Those Chinese citizens who offend authorities against Int

It comes as no surprise that today's cyber threats are orders of magnitude more complex than those of the past. And the ever-evolving tactics that attackers use demand the adoption of better, more holistic and consolidated ways to meet this non-stop challenge. Security teams constantly look for ways to reduce risk while improving security posture, but many approaches offer piecemeal solutions – zeroing in on one particular element of the evolving threat landscape challenge – missing the forest for the trees.  In the last few years, Exposure Management has become known as a comprehensive way of reigning in the chaos, giving organizations a true fighting chance to reduce risk and improve posture. In this article I'll cover what Exposure Management is, how it stacks up against some alternative approaches and why building an Exposure Management program should be on  your 2024 to-do list. What is Exposure Management?  Exposure Management is the systematic identification, evaluation,

Github – a popular coding website used by programmers to collaborate on software development – was hit by a large-scale distributed denial of service (DDoS) attack for more than 24 hours late Thursday night. It seems like when users from outside countries visit different websites on the Internet that serve advertisements and tracking code from Chinese Internet giant Baidu , the assailants on Chinese border quietly inject malicious JavaScript code into the pages of those websites. The code instructs browsers of visitors to those websites to rapidly connect to GitHub.com every two seconds in a way that visitors couldn't smell, creating "an extremely large amount of traffic," according to a researcher who goes by the name A nthr@x . "A certain device at the border of China's inner network and the Internet has hijacked the HTTP connections went into China, replaced some JavaScript files from Baidu with malicious ones," A nthr@x wrote at Insight La

Developers running the open source Git code-repository software and tools, like GitHub, on Mac OS X and Windows computers are highly being recommended to install a security update that patches a major security vulnerability in Git clients that leverages an attacker to hijack end-user computers. The critical Git vulnerability affects all versions of the official Git client and all the related software that interacts with Git repositories, including GitHub for Windows and Mac OS X, according to a GitHub advisory published Thursday. HOW GIT BUG WORKS The vulnerability allows an attacker to execute remote code on a client's computer when the client software accesses Git repositories. The GitHub engineering team gave a detailed explanation on how attackers might exploit the vulnerability: "An attacker can craft a malicious Git tree that will cause Git to overwrite its own .git/config file when cloning or checking out a repository, leading to arbitrary command execution

It is always important to secure our system against outside threats i.e. Hackers, but it also required to protect against insider threats. The potential of damage from an Insider threat can be estimated from the example of Edward Snowden who had worked at the NSA , and had authorized access to thousands of NSA's Secret Documents, networks and systems. ' According to a recent Verizon report, insider threats account for around 14% of data breaches in 2013." Mostly, securing data involves just encryption in the cloud and keeping encryption keys out of the hands of rogue employees, but it is not enough where rogue employees should have access to encryption keys as part of their work. To prevent such risk of rogue employees misusing sensitive data, CloudFlare has released an open source encryption software " Red October ," with " two-man rule " style file encryption and decryption. " Two-man rule ", a control mechanism designed to achieve a hi

Popular source code repository service GitHub has recently been hit by a massive Password Brute-Force attack that successfully compromised some accounts,  GitHub has urged users to set up two-factor authentication for their accounts and has already reset passwords for compromised accounts. " We sent an email to users with compromised accounts letting them know what to do ," " Their passwords have been reset and personal access tokens, OAuth authorizations, and SSH keys have all been revoked. "  However, GitHub uses the  bcrypt  algorithm to hash the passwords , which is extremely resilient against brute force attacks because it takes an inordinate amount of time to encrypt each password. In a blog post , GitHub engineer Shawn Davenport said that a brute force attack from around 40,000 IP addresses revealed some commonly used passwords . These addresses were used to slowly brute force weak passwords. In addition to normal strength requirements like length or cha

Code repository GitHub  offers two-factor authentication to beef up security around its users' accounts. Github is a coding repository where developers used to build their projects projects that may turn out to be valued knowledgeable assets. Two-Factor Authentication adds another layer of authentication to the login process, Now users have to enter their username and password, and a secret code in the second step, to complete the sign in. If a hacker manages to steal a user's credentials through phishing or trojans, cannot do anything, as they do need a second key to enter. " We strongly urge you to turn on 2FA for the safety of your account, not only on GitHub, but on other websites that support it, " the company says . This two-factor authentication for Githu can be turned on in your account settings. GitHub hit 3.5 million users' landmark along with 6 million repositories deposited on its 5th anniversary in April. Two-factor authentication can protect you

GitHub is a source code repository which lets developers work on programs together as a team, even when they are in different locations. Each repository on the site is a public folder designed to hold the software code that a developer is working on. This Tuesday GitHub announced a major upgrades to the site's search engine, " Finding great code on GitHub just got a whole lot easier, ". Yesterday few twitter users pointed out that there is no shortage of embedded private SSH keys and passwords that can easily be found via GitHub new feature. If you upload security information (keys/passwords etc) to a public repository, new search feature will allow anyone to find them. Today, GitHub's search function stopped working , though the site didn't acknowledge the cause. Updated message is " Search remains unavailable. The cluster is recovering slowly and we continue to monitor its progress. We'll provide further updates as they become available