Warning: Undefined variable $comments_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 527

Security Experts Urge IT to Lock Down GitHub Services

Threat intelligence firm Recorded Future has warned that threat actors are increasingly using GitHub services to launch covert cyber-attacks, and urged IT teams to take action.
Its new report, Flying Under the Radar: Abusing GitHub for Malicious Infrastructure, revealed the most popular GitHub services for threat actors.
An analysis of threat intelligence samples between March and November 2023 showed GitHub Raw, GitHub Objects and GitHub Pages were most often used in attacks.
GitHub is used by almost 100 million developers and so represents a potentially large-scale threat if the platform can be successfully abused.
Recorded Future claimed that threat actors use it to blend in with benign network traffic, thus keeping malicious activity hidden.
It added that GitHub services usually remain unblocked in organizations but benefit from high uptime, minimal new account vetting and limited detection possibilities for service providers.
That makes it a popular, low-cost and highly effective platform for command-and-control infrastructure, silent delivery of malware payloads and exfiltration of data, the report claimed.
Organizations need to consider GitHub in their threat modelling, Recorded Future argued.

This Cyber News was published on www.infosecurity-magazine.com. Publication date: Mon, 15 Jan 2024 10:15:19 +0000

Cyber News related to Security Experts Urge IT to Lock Down GitHub Services

25 Best Managed Security Service Providers (MSSP) - 2025 - Pros & Cons: ProsConsStrong threat intelligence & expert SOCs.High pricing for SMBs.24/7 monitoring & rapid incident response.Complex UI and steep learning curve.Flexible, scalable, hybrid deployments.Limited visibility into endpoint ...
2 months ago Cybersecuritynews.com

25 Best Cloud Service Providers (Public and Private) in 2025 - Oracle Cloud offers a variety of services, including infrastructure as a service (IaaS), platform as a service (PaaS), and software as a service (SaaS), to help organizations build, deploy, and run applications in the cloud. Oracle Cloud is a cloud ...
3 months ago Cybersecuritynews.com

CVE-2021-47038 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: avoid deadlock between hci_dev->lock and socket lock Commit eab2404ba798 ("Bluetooth: Add BT_PHY socket option") added a dependency between socket lock and hci_dev->lock ...
1 year ago Tenable.com

9 Best DDoS Protection Service Providers for 2024 - eSecurity Planet content and product recommendations are editorially independent. We may make money when you click on links to our partners. Learn More. One of the most powerful defenses an organization can employ against distributed ...
1 year ago Esecurityplanet.com

Warning: Undefined array key "host" in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 364

Warning: Undefined variable $domain_html in /home/u319666691/domains/cybersecurityboard.com/public_html/_template.php on line 466

CVE-2025-38311 - In the Linux kernel, the following vulnerability has been resolved: ...
1 month ago

Choosing the Perfect Smart Lock for Your Home Security - Installing a smart lock on your home is like building a wall of protection around it. In this article, we will explore the benefits of using smart locks, different types of technology available, security features offered, factors to consider when ...
1 year ago Securityzap.com Meow

CVE-2025-21674 - In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix inversion dependency warning while enabling IPsec tunnel Attempt to enable IPsec packet offload in tunnel mode in debug kernel generates the following kernel panic, ...
7 months ago Tenable.com

CVE-2022-49441 - In the Linux kernel, the following vulnerability has been resolved: tty: fix deadlock caused by calling printk() under tty_port->lock pty_write() invokes kmalloc() which may invoke a normal printk() to print failure message. This can cause a deadlock ...
6 months ago Tenable.com

CVE-2024-54460 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_listen_bis This fixes the circular locking dependency warning below, by releasing the socket lock before enterning iso_listen_bis, to avoid ...
7 months ago Tenable.com

Securing the code: navigating code and GitHub secrets scanning - Enter the world of GitHub secrets scanning tools, the vigilant sentinels of your digital gala. Secrets scanning in GitHub is anchored by two fundamental strategies: proactive prevention and reactive detection, each serving a critical function in ...
1 year ago Securityboulevard.com

Top 30 Best Penetration Testing Tools - 2025 - The tool supports various protocols and offers advanced filtering and analysis capabilities, making it ideal for diagnosing network issues, investigating security incidents, and understanding complex network interactions during penetration testing. ...
5 months ago Cybersecuritynews.com

Security Experts Urge IT to Lock Down GitHub Services - Threat intelligence firm Recorded Future has warned that threat actors are increasingly using GitHub services to launch covert cyber-attacks, and urged IT teams to take action. Its new report, Flying Under the Radar: Abusing GitHub for Malicious ...
1 year ago Infosecurity-magazine.com

GitHub, PyTorch and More Organizations Found Vulnerable to Self-Hosted Runner Attacks - Last July, we published an article exploring the dangers of vulnerable self-hosted runners and how they can lead to severe software supply chain attacks. GitHub itself was found vulnerable, as well as various notable organizations, such as PyTorch, ...
1 year ago Securityboulevard.com

CVE-2024-26629 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

CVE-2024-54191 - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: iso: Fix circular lock in iso_conn_big_sync This fixes the circular locking dependency warning below, by reworking iso_sock_recvmsg, to ensure that the socket lock is ...
7 months ago Tenable.com

CVE-2025-23163 - In the Linux kernel, the following vulnerability has been resolved: ...
4 months ago

Benefits and challenges of managed cloud security services - Too many organizations lack the in-house cloud security expertise and resources needed to protect cloud assets effectively. One option to address these challenges is managed cloud security. Outsourcing cloud security to a third party not only helps ...
1 year ago Techtarget.com

6 Best Cloud Security Companies & Vendors in 2024 - Cloud security companies specialize in protecting cloud-based assets, data, and applications against cyberattacks. To help you choose, we've analyzed a range of cybersecurity companies offering cloud security products and threat protection services. ...
1 year ago Esecurityplanet.com

GitHub code-signing certificates stolen - Another day, another access-token-based database breach. This time, the victim is Microsoft's GitHub business. On December 6, 2022, repositories from our atom, desktop, and other deprecated GitHub-owned organizations were cloned by a compromised ...
2 years ago Nakedsecurity.sophos.com

CVE-2024-26775 - In the Linux kernel, the following vulnerability has been resolved: aoe: avoid potential deadlock at set_capacity Move set_capacity() outside of the section procected by (&d->lock). To avoid possible interrupt unsafe locking scenario: CPU0 CPU1 ---- ...
1 year ago Tenable.com

CVE-2024-36003 - In the Linux kernel, the following vulnerability has been resolved: ...
1 year ago

Microsoft Copilot for Security provides immediate impact for the Microsoft Defender Experts team - AI is quickly becoming a force multiplier-presenting significant opportunities for security teams to increase productivity, save time, upskill resources, and more. Microsoft Copilot for Security is already showing immediate impact for security teams ...
1 year ago Microsoft.com

GitHub expands security tools after 39 million secrets leaked in 2024 - Standalone Secret Protection and Code Security – Now available as separate products, these tools no longer require a full GitHub Advanced Security license, making them more affordable for smaller teams. GitHub announced updates to its Advanced ...
5 months ago Bleepingcomputer.com

10 Best Security Service Edge Solutions - Security Service Edge is an idea in cybersecurity that shows how network security has changed over time. With a focus on customized solutions, Security Service Edge Solutions leverages its expertise in multiple programming languages, frameworks, and ...
1 year ago Cybersecuritynews.com

CVE-2021-32638 - Github's CodeQL action is provided to run CodeQL-based code scanning on non-GitHub CI/CD systems and requires a GitHub access token to connect to a GitHub repository. The runner and its documentation previously suggested passing the GitHub token ...
3 years ago