Dom Bush

A GitHub flaw lets attackers upload executables that appear to be hosted on a company's official repo, such as Microsoft's—without the repo owner knowing anything about it. The following URLs, for example, make it seem like these ZIPs are present on Microsoft's source code repo: https://github[.]com/microsoft/vcpkg/files/14125503/Cheat.Lab.2.7.2.zip https://github[.]com/microsoft/STL/files/14432565/Cheater.Pro.1.6.0.zip But they are not. These ZIPs are #malware. An attacker, while commenting on any GitHub commit/PR, can "attach" a file that gets assigned a URL slug containing the name of the repo where the comment was made. Even if the comment is never actually posted or later deleted by the attacker, the link to the file remains live! And, the repo owner (Microsoft in this case) would have no knowledge of or control over such files. Threat actors have been abusing this flaw to distribute malicious executables under the false pretense that these are coming from credible organizations' code repos.

Data mining ISS imagery in an unusual way. Nathan Bergey, then a visiting scholar at Portland State University in Oregon, plotted on a blank map of Earth, the location of the Space Station at the moment each of more than 1.1 million astronaut photographs were taken. A new vision of Earth’s geography emerged. The continents appear in ghostly outlines, and places of striking beauty are thick with dots. Regions of constant cloud cover and featureless reaches of the mid-ocean are rarely captured. Parsed in this manner, nothing of the photographic subject remains, only the fact that a human being, driven by something intangible—curiosity, awe, aesthetic delight, perhaps even a moment of homesickness—chose to release a camera’s shutter. Map assembled in 2013 from 1,129,177 astronaut images from ISS, Expeditions 1-34, see Nathan’s data at: https://t.co/PsW78craSr