GitHub said late Tuesday that internal repositories were exfiltrated after an employee device was compromised through a poisoned Visual Studio Code extension, an incident that underscores the…
The company said it found more evidence of compromise across its customer base. Exposure, which has yet to be defined, poses significant downstream risk.
The attack, which originated at Context.ai, showcases the pitfalls of interconnected cloud applications and SaaS integrations with overly privileged permissions.
The company said a developer tool automatically retrieved a malicious version of the popular open-source library, but insists the integrity of its systems and software were not…
Attackers compromised the open-source security tool and published malicious versions of the software. Mandiant warns the fallout could impact up to 10,000 downstream victims.
For 20 years, tech has moved fast and broken things. The result: a cybersecurity crisis built on rushed code and vulnerable software. It's time to replace speed-at-all-costs…
Okta thwarted the supply-chain attack with security controls it had in place. Zscaler did not. Their experiences provide insights into the root of a much broader problem.