Tag Archives: GitHub

Experts doubt the effectiveness of the CVE database


Experts doubt the effectiveness of the CVE database and have advised researchers not to rely solely on this threat database when scanning systems for vulnerabilities. According to a report from Risk Based Security, such an approach will cause IT professionals to miss almost a third of all vulnerabilities. “If your organization is currently relying on …


GitHub can now assign CVE identifiers to vulnerabilities


This week, GitHub representatives announced a number of innovations at once, including that GitHub has completed certification as a CVE Numbering Authority, so the company can now independently assign CVE identifiers to vulnerabilities. First, Dependency Graph will add support for PHP projects on Composer. This means that users will be able to receive automatic security warnings for any vulnerabilities …


Attacker hacks other users’ Git repositories and demands money for data recovery


ZDNet journalists drew attention to an unusual problem affecting users of Git repositories, including GitHub, Bitbucket and GitLab users. Last week an unknown attacker or group of attackers started breaking into other people’s repositories, deleting all source code and comments, and then demanding a ransom for data recovery. The ransom message, shown above, also says that before deleting the information the attacker thoughtfully saved …


Serious vulnerability found in a utility installed by default on Dell computers


A serious vulnerability (CVE-2019-3719) has been found in the Dell SupportAssist utility, which is used for debugging, diagnostics and automatic driver updates. It allows remote code execution with administrator privileges on Dell computers and laptops. According to experts’ assessments, the issue affects a significant number of devices, as the Dell SupportAssist tool is installed on all Dell PCs and laptops that are supplied with Windows (systems that …


PoC code for a vulnerability in Apache HTTP Server published on GitHub

Developer Charles Fol discovered the Carpe Diem (CVE-2019-0211) vulnerability in Apache HTTP Server 2.4. Under certain conditions, it allows execution of arbitrary code with administrator rights and takeover of the server. Charles Fol published PoC code on GitHub. In the accompanying comments, the engineer explained that the code sits somewhere between a demonstrative PoC and a working exploit and is intended for educational purposes. However, intruders …
