actions
-
In October 2024, we started publishing roundup blog posts to share the latest features and updates from our teams. Today, we are announcing general availability for Account Owned Tokens, which allow organizations to improve access control for their Cloudflare services. Additionally, we are launching Zaraz Automated Actions, which is a new feature designed to streamline…
-
Authentication Actions Boost Security and Customer Experience – The New Stack
-
Coordinated Disclosure Timeline. Summary: Univer uses multiple actions workflows vulnerable to actions injections. Project: dream-num/univer. Tested Version: Latest. Details: Issue 1: Code injection in .github/workflows/update-snapshots.yml (GHSL-2024-209). The update-snapshots.yml workflow runs on any comment created on an issue or a PR, and executes echo ${{ github.event.comment.body }} – a command with the content of…
-
The Blockchain Association, a leading crypto advocacy group, reported that its member firms have collectively spent over $400 million addressing enforcement actions initiated by the US Securities and Exchange Commission (SEC) under chair Gary Gensler.
-
If you’ve kept up with security headlines this year, or are on the frontlines of healthcare security yourself, you know that healthcare networks are in an escalating battle against cyberattacks. As one of the most targeted industries, healthcare not only contends with a growing volume of attacks, but confronts some of the highest costs when…
-
Saachi Mutreja, Mark Zhandry. ePrint Report. Cryptographic group actions are a leading contender for post-quantum cryptography, and have also been used in the development of quantum cryptographic protocols. In this work, we explore quantum group actions, which consist of a group acting on a set of quantum states. We show the following results: 1. In…
-
In this Help Net Security interview, Emily Wienhold, Cyber Education Specialist at Optiv, discusses how business leaders can promote a security-first culture within their organizations.
-
Today, Oct. 8, Crypto.com reported it has filed a lawsuit against the US Securities and Exchange Commission to challenge what it describes as the agency’s overreach in regulating the crypto industry. The company aims to protect the future of crypto in the United States by contesting the SEC’s authority and its methods of enforcement. It…
-
We construct a quantum money/quantum lightning scheme from class group actions on elliptic curves over $F_{p}$. Our scheme, which is based on the invariant money construction of Liu-Montgomery-Zhandry (Eurocrypt ’23), is simple to describe. We believe it to be the most instantiable and well-defined quantum money construction known so far. The security of our quantum…
-
Coordinated Disclosure Timeline: 2024-06-24: Report sent to security@konghq.com. 2024-06-02: Kong’s security team claims that only Kong’s employees can trigger the action on a protected branch, so the attack surface is significantly smaller. 2024-06-03: Security Lab reiterates the importance of fixing the underlying vulnerability. 2024-09-25: Publishing as per our disclosure policy. Summary: Kong is vulnerable to…
-
A Human Rights Watch (HRW) release on Monday highlighted the disproportionate harm that children with disabilities in Gaza are suffering as a result of Israel’s violations of humanitarian law, which include military strikes against hospitals, restrictions on humanitarian aid and a 16-year blockade on the Gaza Strip.
-
Giuseppe D’Alconzo, Alessio Meneghetti, Edoardo Signorini. ePrint Report. Cryptographic group actions have gained significant attention in recent years for their application on post-quantum Sigma protocols and digital signatures. In NIST’s recent additional call for post-quantum signatures, three relevant proposals are based on group actions: LESS, MEDS, and ALTEQ. This work explores signature optimisations leveraging a…
-
Somalia has threatened to boot out Ethiopian troops deployed for an African Union mission against Al-Shabaab militants since 2007 – Copyright AFP Leonardo Munoz
-
Coordinated Disclosure Timeline: 2024-06-24: Report sent to haijin.chn@gmail.com. 2024-09-09: Report sent to james.luan@zilliz.com. 2024-09-10: Fixes merged. Summary: Milvus is vulnerable to Actions code injection allowing an attacker to alter the repository and steal secrets. Project: Milvus. Tested Version: v2.3.18. Details: Code Injection (GHSL-2024-120). The check-issue.yaml workflow is triggered on issues (i.e., when an Issue is…
-
In this Help Net Security video, Sara Behar, Content Manager at YL Ventures, discusses how recent regulatory actions and high-profile legal incidents involving cybersecurity leaders have influenced CISO reporting.
-
Get highlights of our research into the security of GitHub Actions, and our advice on mitigating the risk.
-
Sep 06, 2024 | Ravie Lakshmanan | Software Security / Hacking
-
“This level of access can be risky if an action is malicious — it could install malware, steal secrets, or make covert changes to your code,” the Orca researchers warn. “The implications of such access can be devastating. Imagine an action that exfiltrates sensitive information or modifies code to introduce subtle bugs or backdoors, potentially…
-
In the world of software development, automation is a huge time-saver, and GitHub Actions is one of the best tools for the job. GitHub Actions allow developers to automate, customize, and execute their software development workflows right in their GitHub repository. You can set up continuous integration and continuous delivery (CI/CD) pipelines, run tests, deploy…