Security Alerts & News
by Tymoteusz A. Góral

History
#964 GitHub attacker launched massive login campaign using stolen passwords
On June 14, someone using what appears to have been a list of e-mail addresses and passwords obtained from the breach of "other online services" made a massive number of login attempts to GitHub's repository service. A review of logins by GitHub's administrators found that the attacker had gained access to a number of accounts, according to a blog post by Shawn Davenport, Vice President of Security at GitHub.

It’s not clear what the source of the e-mail/password combinations was, but there are certainly plenty of them out there right now—the recent bounty of "megabreaches," consisting of aged passwords from MySpace, Tumblr, LinkedIn and the dating site Fling, totaled more than 642 million accounts in all. And though they date back more than three years, there may have still been some that were being re-used by their owners on GitHub.
Read more
#970 Locky, Dridex and Angler among cybercrime groups to experience fall in activity
#969 Non-US encryption is 'theoretical,' claims CIA chief in backdoor debate
#968 Breached credentials used to access Github repositories
#967 Adobe update plugs Flash Player zero-day
#966 Mozilla tests Firefox Containers: you can isolate shopping, work, personal browsing identities
#965 QuintessenceLabs getting truly random with quantum security
#964 GitHub attacker launched massive login campaign using stolen passwords
History
2017: 01 02 03 04 05
2016: 01 02 03 04 05 06 07 08 09 10 11 12