Legit Security Discovers “MarkdownTime”, A Vulnerability in Markdown Services Affecting GitHub, GitLab and Countless Others

TEL AVIV, Israel, Jan. 19, 2023 (GLOBE NEWSWIRE) — Legit Security, a cyber security company with an enterprise platform that protects an organization's software supply chain from attack and ensures secure application delivery, today announced that it discovered an easy-to-exploit Denial-of-Service (DoS) vulnerability in Markdown libraries used by GitHub, GitLab and countless other applications that rely on a popular markdown rendering library called commonmarker. Coined "MarkdownTime", a vulnerable version of commonmarker allows an attacker to mount a simple DoS attack that could shut down innumerable digital business services across the globe by disrupting their application development pipelines. More information on the vulnerability and how to mitigate the risks is found in a technical disclosure blog found here.

Markdown is a way of creating formatted text with a plain text editor, and it is commonly found in software development tools and environments. A wide range of applications and projects implement these popular open source markdown libraries, such as the variant found in GitHub's implementation, GFM (GitHub Flavored Markdown). In this case, Legit Security researchers found that it was simple to trigger unbounded resource exhaustion, leading to a Denial-of-Service condition that could take down the service. After Legit Security brought this vulnerability to the attention of the GitHub security team, GitHub recognized the issue and posted a formal acknowledgement and fix, which can be found here: CVE-2022-39209. It should be noted that many other tools and services may also be susceptible to the same vulnerability.

"Open-source libraries are ubiquitous in modern software development, but when vulnerabilities emerge, they can be very difficult to track due to uncontrolled copies of the original vulnerable code," said Liav Caspi, CTO and co-founder of Legit Security. "When a library becomes popular and widespread, a vulnerability inside of it could potentially enable an attack on countless projects. Those attacks can include disruption of critical business services, such as crippling the software supply chain and the ability to release new business applications."

This is exactly what the Legit Security research team saw with MarkdownTime: a copy of the vulnerable GFM implementation was found in commonmarker, the popular Ruby package implementing Markdown support, which has more than 1 million dependent repositories. The Legit Security team found implementations across several business-critical source code management services, among them GitHub and GitLab. Using this exploit, an unauthenticated attacker can bring down entire software production pipelines, causing significant damage to organizations' digital business initiatives. Many other services beyond just software development environments may also be vulnerable to costly business disruption.

The Legit Security research team has disclosed this security issue to the maintainer of commonmarker, as well as to both GitHub and GitLab. All of them have fixed the issues, but many more copies of this markdown implementation have been deployed and are in use. An in-depth description of MarkdownTime, along with information on how to protect organizations and projects, can be found in Legit Security's blog.

Legit Security

Legit Security protects an organization's software supply chain from attack and ensures secure application delivery, governance and risk management from code to cloud. The platform's unified application security control plane and automated SDLC discovery and analysis capabilities provide visibility and security control over rapidly changing environments, and allow security issues to be prioritized based on context and business criticality to improve security team efficiency and effectiveness.

Media Contact
Tony Keller
OutVox
tkeller@outvox.com


GLOBENEWSWIRE (Distribution ID 8732969)

Report on the Sustainability Governance Practices of the 30 Largest Global Banks Comes Up With Interesting Findings

LONDON, Jan. 19, 2023 (GLOBE NEWSWIRE) — Morrow Sodali and Nestor Advisors, a Morrow Sodali company, are pleased to announce the publication of "Governance of sustainability in the largest global banks: A study of the top 30 European and North American banks".

This Report examines the sustainability governance practices of the 30 largest European and North American banks. In preparing the Report, we reviewed various publicly available documentation and also interviewed representatives from fifteen leading banks, including nine board chairs, other board members and senior executives. Interviewees shed light on different practices, and why banks chose to pursue them. The resulting Report compares the banks across several data points and analyzes these findings against a double index of sustainability and financial performance.

Stilpon Nestor, the Report's leading author stated, "Sustainability is one of the big issues facing banks and their leadership. Shareholders and various stakeholders, including regulators, expect banks to be proactive in sustainability. On the strategy side, the "greening of the book" is the big challenge, especially in markets with big "brown" sectors. On the risk side, some regulators expect banks to integrate sustainability risk within the core risk management framework and its key categories. They also expect a clear sustainability perspective in the risk appetite framework. In order to deliver in these areas, global banks have reshaped existing governance and organizational arrangements and have developed some new ones. Our Report examines these arrangements and comes up with interesting, sometimes counterintuitive, findings."

Among these findings, the issue of board skills in relation to sustainability was highlighted. None of the banks we interviewed see having sustainability experts on the board as a priority. Their priority is to make their existing board members more cognizant in the sustainability area. In that sense, they emphasize the development of director skills.

How does a board structure itself to address sustainability? In many cases, this is done by setting up a new committee. However, structure often reflects the level of maturity of the issues in a bank. One interesting finding of the Report is that banks further advanced in the "maturity spectrum" have done away with special committees and discuss sustainability as part of the general strategy and risk appetite.

Another key finding relates to the role of management in ensuring all business functions strengthen their capabilities to understand sustainability. This is an issue that touches upon all business areas of a bank, whether it is a corporate, retail or private bank, as well as risk, finance and internal audit functions. That is why most global banks have created senior management committees to oversee this transversal work. The seniority of the members of this committee is key. In 50% of the banks, the CEOs themselves are heading this senior coordinating committee.

Most banks have also included sustainability parameters in their executive remuneration approach. The Report finds that in the best performing ones, sustainability considerations have a relatively significant "weight" among other factors in determining variable compensation.

We hope you find this study insightful, and that the findings will be helpful from the perspective of all stakeholders. Click here to request the Report in full.

ABOUT MORROW SODALI

Morrow Sodali is a leading provider of strategic advice and shareholder services to corporate clients around the world. The firm provides corporate boards and executives with strategic advice and services relating to corporate governance, ESG, shareholder and bondholder communication and engagement, capital markets intelligence, proxy solicitation, shareholder activism and mergers and acquisitions.

From headquarters in New York and London, and offices and partners in major capital markets, Morrow Sodali serves over 1,000 corporate clients in 80+ countries, including many of the world's largest multinational corporations. In addition to listed and private companies, its clients include financial institutions, mutual funds, ETFs, stock exchanges and membership associations.

For more information, please visit morrowsodali.com.

ABOUT NESTOR ADVISORS

Nestor Advisors is the specialized board and governance advisory subsidiary of Morrow Sodali. We are a global advisory firm specializing in corporate governance, sustainability and organizational design, and work with the boards and senior management of financial institutions, companies and not-for-profit organizations to improve decision making, organizational structures, controls and incentives.

Fully integrated with Morrow Sodali, the two companies provide the firm's global client base with a comprehensive suite of advisory services relating to corporate governance, ESG, sustainability and stakeholder engagement.

Our services span a broad spectrum including holistic assessments yielding a significant redesign of a company's governance system, board evaluations, group governance, board training, risk management, and the development of specific policies and controls. Whatever the scope, our services are always closely tailored to our clients' needs.

For more information, please visit nestoradvisors.com.

CONTACTS

Elena Cargnello
Corporate Director, Marketing
e.cargnello@morrowsodali.com
+44 (0)20 4513 6913


GLOBENEWSWIRE (Distribution ID 8732968)

The Journalist Stranded in Europe’s “Guantánamo”

It’s 23 hours a day in a cell without natural light and just one to walk around in a 7×4-metre courtyard. For Pablo González, an independent Spanish-Russian journalist, it’s been almost a year spent in solitary confinement in Poland. González was arrested on the night of February 27th in Przemysl, a Polish city bordering Ukraine. […]

The People of Africa Need Relief: the Biden Administration can Provide it

US-Africa Leaders Summit. Credit: Wikimedia Commons

By Pauline Muchina and Emira Woods
NAIROBI, Kenya, Jan 19 2023 – United States Treasury Secretary Janet Yellen is traveling to South Africa, Zambia, and Senegal this week in the hopes of strengthening U.S.-Africa relations at a time of waning U.S. influence on the continent — the first in a series of Biden administration trips announced at last month’s U.S.-Africa Leaders Summit.

As African women leaders working for peace and climate justice, we welcome this renewed engagement with a region that is too often sidelined. But meetings and photo-ops are not enough.

If the United States wants the trust of the African people, we need more than words. We need tangible action to materially improve the lives of communities across the continent.

There are two steps the Biden administration could take today to do just that: supporting a new issuance of Special Drawing Rights (SDRs) for cost-free, debt-free crisis relief, and providing additional financial support for the Loss and Damage Fund agreed to at COP27, the most recent UN Climate Conference.

Three years since the COVID-19 outbreak, under one-third of Africans have received a single vaccination dose. Economic growth in Africa slowed “sharply” in 2022, due to a worldwide economic slump, inflation, and an ongoing series of shocks.

The World Bank is warning of a “sharp, long-lasting slowdown” in 2023 that will “hit developing countries hard.” One-fifth of Africa’s population faces chronic hunger—double the world average—and the climate crisis is only deepening these stark statistics.

For perspective: Driven by climate and conflict, half of Somalia’s population faces acute food insecurity. Trekking for weeks to refugee camps for food, many Somalis are forced to bury starved loved ones in shallow graves.

Against such challenges, the 2021 issuance of $650 billion in SDRs by the International Monetary Fund provided a lifeline for millions of Africans. SDRs are a reserve asset that can be issued in times of crisis at no cost to the U.S. or any other country. Developing countries can then use these SDRs to pay debts, stabilize currencies, or fund critical purchases like vaccines and food supplies.

Since the 2021 issuance, over 100 low- and middle-income countries have used their SDRs for often life-saving care for their citizens. African countries used SDRs more than any other region, with 47 of 54 African nations using some or all of their allocation.

Though last year’s SDR issuance was impactful, it was not enough. That’s why African leaders like African Union Chair Macky Sall and finance ministers across the continent are calling for a new SDR issuance of at least the same size.

The UN Global Crisis Response Group on Food, Energy, and Finance; dozens of US lawmakers; the International Chamber of Commerce; and nearly 150 civil society organizations worldwide also support the proposal.

Additionally, African countries must be compensated for the harms caused by a climate crisis for which they bear little responsibility. Despite having contributed the least of any continent to greenhouse gas emissions, Africa remains the most vulnerable to climate change.

Nineteen million Africans have been affected by extreme weather events in 2022 alone, and cyclones and droughts wrought havoc on infrastructure, agriculture, and domestic economies.

In the words of the Pan-African Climate Justice Alliance, “you cannot set fire on someone’s house and sell them the fire extinguisher, or worse still, loan them money to rebuild it.” The Loss and Damage Fund will provide climate reparations through financial support to nations most vulnerable to climate shocks.

The Fund’s impact, however, will only be as strong as the world’s commitment. While nations like Germany and Belgium have made symbolic pledges to the fund, current contributions fail to address the existential magnitude of the crisis. Increased U.S. financial backing will pave the way for additional support from other high-income countries.

Naysayers may balk at the cost of these proposals, or suggest they do not align with U.S. national interests. However, a new SDR issuance, while costing nothing to U.S. taxpayers, would foster global economic—and therefore political—stability, while proving U.S. responsiveness to African needs.

Following the passage of the highest-ever Pentagon budget, the Biden Administration should recall their own analysis that climate change exacerbates global security challenges.

Instead of paying massive sums for weapons of war, often in the name of debunked strategies to counter terrorism, the U.S. should invest in measures that address the root causes of violent conflict in places like Somalia and the Sahel.

During last month’s U.S.-Africa Leaders Summit, 60 organizations, including Partners In Health, Africans Rising, and Friends of the Earth US, called on President Biden to support these two urgent proposals. At the time, he failed to do so.

As Secretary Yellen travels to our continent, the administration has another opportunity to move beyond rhetoric and toward action to improve the lives of Africa’s 1.2 billion people.

Supporting a new SDR issuance and contributing funding for the Loss and Damage Fund would go a long way toward salving the ever-present economic wounds of colonialism, addressing the climate crisis, and bolstering opportunities for Africans to chart their own course in the 21st century and beyond.

Pauline Muchina comes from the Rift Valley in Kenya, where her family still resides. She is the Policy, Education and Advocacy Coordinator for Africa for the American Friends Service Committee in Washington, DC, and the Chair of the COVID-19 Working Group of the Advocacy Network for Africa.

Emira Woods, originally from Liberia, is the Executive Director of Green Leadership Trust and an ambassador for Africans Rising for Justice, Peace, and Dignity, a network of African social movements on the continent and the diaspora.

IPS UN Bureau


OKX Publishes January Proof of Reserves Report, Shows Largest 100% Clean Asset Reserves Among Major Exchanges

VICTORIA, Seychelles, Jan. 19, 2023 (GLOBE NEWSWIRE) — OKX, the world's second-largest crypto exchange by trading volume, today published its third monthly Proof of Reserves (PoR) showing $7.5 billion held by the exchange in BTC, ETH, and USDT, which is the largest 100% clean asset reserves among major exchanges, according to third-party data.

New features included in this month's PoR include a more detailed asset balance dashboard, allowing users to see how their total assets are calculated across products denominated in BTC, ETH and USDT.

Assets are considered "clean" in PoR when a third party analysis determines they do not include an exchange's platform token, and are solely made up of high market cap "traditional" crypto assets such as BTC, ETH and USDT. Blockchain analytics firm CryptoQuant monitors PoR across the industry, and found OKX's assets to be "100% clean."

As with all OKX PoR reports, users are able to view OKX's January PoR on its website, including reserve ratios for new and historical data. Reserves and liabilities can be self-verified with trustless tools on the OKX website.

OKX CMO Haider Rafique said: "Security, transparency and trust are core tenets of the OKX business process and customer service philosophy. We've already taken a leadership position by publishing our PoR monthly. As industry standards for PoR continue to take shape, we expect that our reserve asset quality will be one of many key differentiating factors for OKX in the market."

OKX has always maintained 1:1 reserves. Current OKX reserve ratios are as follows:

  • BTC: 105%
  • ETH: 105%
  • USDT: 101%

OKX has published more than 23,000 addresses for its Merkle Tree PoR program, and will continue to use these addresses to allow the public to view asset flows. The OKX PoR protocol is open source and available to the public on Github. Additional OKX holdings can be viewed on the OKX Nansen Dashboard.

As part of its commitment to transparency, OKX will continue to publish PoR monthly.

For further information, please contact: media@okx.com

What is Proof-of-Reserves?

Proof of Reserves is a report of crypto assets that ensures the custodian (OKX) holds the assets it claims to hold on behalf of its users. OKX uses a Merkle tree (hash tree) to prove this claim in two ways. First, users can find their balance in the tree and prove their assets are included in the total OKX balance. Second, the total OKX balance is compared to the publicized OKX on-chain wallet balance to determine Proof-of-Reserves.
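As an added illustration (not OKX's own open-source protocol code), the following Python sketches the two checks described above with a Merkle sum tree: every node carries a hash and a balance sum, a user verifies a sibling path from their leaf to the published root, and the root's total is compared against the published on-chain balance. The leaf encoding, the zero-sum padding rule and the sample ledger are assumptions made for the example.

```python
import hashlib

# Each node is a (hash, sum) pair. The hash commits to the child hashes AND the child
# sums, so the root sum is the total liability the custodian has committed to.


def _h(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def leaf_node(user_id: str, balance: int) -> tuple:
    """Leaf for one user. Assumption: user_id stands in for the salted account
    identifier a real scheme would publish so that leaves do not reveal accounts."""
    if balance < 0:
        raise ValueError("negative balances are not allowed in the tree")
    return _h(b"leaf|" + user_id.encode() + b"|" + str(balance).encode()), balance


def parent_node(left: tuple, right: tuple) -> tuple:
    """Internal node: hash covers both children's hashes and both children's sums."""
    lh, ls = left
    rh, rs = right
    return _h(b"node|" + lh + str(ls).encode() + b"|" + rh + str(rs).encode()), ls + rs


def build_tree(leaves: list) -> list:
    """Return the tree as a list of levels: leaves first, the root level last."""
    levels = [list(leaves)]
    while len(levels[-1]) > 1:
        level = levels[-1]
        if len(level) % 2 == 1:
            level.append((_h(b"empty"), 0))  # pad odd levels with a zero-sum leaf
        levels.append([parent_node(level[i], level[i + 1]) for i in range(0, len(level), 2)])
    return levels


def inclusion_proof(levels: list, index: int) -> list:
    """Sibling path from leaf `index` up to the root as (sibling_node, sibling_is_left)."""
    proof = []
    for level in levels[:-1]:
        sibling = index ^ 1
        proof.append((level[sibling], sibling % 2 == 0))
        index //= 2
    return proof


def verify_inclusion(leaf: tuple, proof: list, root: tuple) -> bool:
    """First check: recompute the root from the user's leaf. Every sibling sum must be
    non-negative, otherwise a prover could cancel liabilities with a negative sibling."""
    node = leaf
    for sibling, sibling_is_left in proof:
        if sibling[1] < 0:
            return False
        node = parent_node(sibling, node) if sibling_is_left else parent_node(node, sibling)
    return node == root


def verify_solvency(root: tuple, onchain_balance: int) -> bool:
    """Second check: the published on-chain holdings cover the root's committed total."""
    return onchain_balance >= root[1]


def reserve_ratio_percent(onchain_balance: int, root: tuple) -> int:
    """Reserve ratio as reported on the page (on-chain assets over committed liabilities)."""
    return onchain_balance * 100 // root[1]


# Constructed sample ledger (not real OKX data): four users, 100 units of liabilities,
# and a constructed published wallet balance of 105 units.
USERS = [("alice", 50), ("bob", 30), ("carol", 15), ("dave", 5)]
LEAVES = [leaf_node(u, b) for u, b in USERS]
LEVELS = build_tree(LEAVES)
ROOT = LEVELS[-1][0]
ONCHAIN_BALANCE = 105


def demo() -> dict:
    """Run both checks for user 'bob' (leaf index 1) against the constructed data."""
    proof = inclusion_proof(LEVELS, 1)
    return {
        "bob_included": verify_inclusion(leaf_node("bob", 30), proof, ROOT),
        "tampered_rejected": not verify_inclusion(leaf_node("bob", 31), proof, ROOT),
        "total_liabilities": ROOT[1],
        "solvent": verify_solvency(ROOT, ONCHAIN_BALANCE),
        "reserve_ratio_percent": reserve_ratio_percent(ONCHAIN_BALANCE, ROOT),
    }


if __name__ == "__main__":
    print(demo())
```

A real deployment additionally needs the root and the wallet address set to be published in a way the user can pin, otherwise the custodian could show different roots to different users.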

About OKX

OKX is one of the world's leading technology companies building the future of Web3. Known as the fastest and most reliable crypto trading platform for investors and professional traders everywhere, OKX's crypto exchange is the second largest globally by trading volume.

OKX's leading self-custody solutions include the Web3-compatible OKX Wallet, which allows users greater control of their assets while expanding access to DEXs, NFT marketplaces, DeFi, GameFi and thousands of dApps.

OKX partners with a number of the world's top brands and athletes, including: English Premier League champions Manchester City F.C., McLaren Formula 1, The Tribeca Festival, golfer Ian Poulter, Olympian Scotty James, and F1 driver Daniel Ricciardo.

OKX is committed to transparency and security and publishes its Proof of Reserves on a monthly basis.

To learn more about OKX, download our app or visit: okx.com

Disclaimer

This announcement is provided for informational purposes only. It is not intended to provide any investment, tax, or legal advice, nor should it be considered an offer to purchase, sell, or hold digital assets. Digital assets, including stablecoins, involve a high degree of risk, can fluctuate greatly, and can even become worthless. You should carefully consider whether trading or holding digital assets is suitable for you in light of your financial condition. Please consult your legal/tax/investment professional for questions about your specific circumstances.


GLOBENEWSWIRE (Distribution ID 8732237)

How Innovative Farming Rescues Crises-Stricken Farmers in This Indian Village

Farmers in the southern state of Karnataka, India, during training sessions for multi-crop farming. The techniques have meant survival in the face of uncertain weather caused by climate change. Credit: Umar Manzoor Shah/IPS

By Umar Manzoor Shah
KARNATAKA, INDIA, Jan 19 2023 – The South Indian State of Karnataka has been reeling for the past three years—the late arrival of monsoons, the surging temperatures, and drastic changes in the weather patterns are putting the state’s farmers in dire straits.

Sugarcane and rice crops have died, causing considerable losses to the already perturbed farming community.

As per the government reports, climate change is affecting Karnataka’s water cycle and rainfall patterns, resulting in heavy rainfall and flooding in some areas and drought in others. Extreme weather events have been more frequent and intense in Karnataka over the past few years. The average annual rainfall in the state is 1,153 mm, with 74 percent falling during the Southwest monsoon, 16 percent during the Northeast monsoon, and 10 percent during the pre-monsoon.

Between 2001 and 2020, the state was hit by a 15-year drought of variable intensity. Some areas have been drought-stricken for more than five years in a row. Karnataka also witnessed severe floods in 2005, 2009, 2018, 2019, 2020, and 2021, and since 2018 flooding and landslides have been a problem for four years running. Flooding and landslides have become the new normal during the monsoon seasons in the southwest and northeast, which were previously the most vulnerable to drought, reflecting the impact of shifting climatological circumstances.

Farmers are concerned about the looming climate change menace.

A year ago, Kondaji Reddy deemed farming an “absolutely unfit” profession for survival.

“For months together, I toiled hard in the field growing sugar cane and rice. However, the late arrival of monsoons devastated everything. The hard work didn’t yield any outcome, and my family was on the verge of starvation,” Kondaji told IPS.

He added that for months together, his family survived on the little savings it had made over the years.

“Then I thought I should quit farming forever and go to the city and work as a laborer. At least my family wouldn’t starve,” lamented the farmer.

Another farmer, M. Rachappa, shared a similar predicament. He says he extensively used chemical fertilizers, hoping to improve his harvest.

“However, things didn’t turn out the way I had hoped. The land turned barren… The crops I had sowed for months were destroyed. All I could stare at was the dead leaves and the barren soil,” says Rachappa.

The farmer adds that he was on the brink of selling his ancestral land—spread across three acres—and buying some grocery stores in the town. “I had lost all hope in farming. I had cultivated a firm belief in my mind that farming would no longer provide me with a decent living. But at the same time, I was ridiculing myself for planning to sell the land where my forefathers have toiled for decades together.”

To end the crisis, the farmers of this small hamlet recently developed a unique strategy. They are adopting techniques that could help them deal with the climate change crises.

Multi-cropping is one method that these otherwise crisis-stricken farmers are now relying upon. It is a common land management method that aims to increase agricultural production while diversifying the crop mix for economic and environmental reasons. It lowers the cost of inputs, irrigation, and labor, among other things.

Umesh Kalolli, a farmer leading the practice and imparting the training of this technique to other farmers in the village, says he got to know about this farming method from a research institute.

“I was uncertain about my future due to frequent losses. I was about to shun farming forever, but a friend of mine encouraged me to seek help from the experts. He took me to an agricultural university, where I shared my predicament with the researchers. For about three weeks, I was trained for multi-crop farming. Upon my return to my village, I began encouraging other farmers to use this farming method,” Kalolli said.

He adds that besides multi-cropping, the farmers were encouraged to do away with using chemical fertilizers. Instead, they are asked to adopt an organic farming method that not only makes the produce profitable but also of high quality.

“There is a dire need to revolutionize farming practices with a natural system. This is going to be the greatest service for humankind. We need to focus on marginal and downtrodden farmers so that they can be empowered, and this way, we are going to build a prosperous world for ourselves and our future generations,” Kalolli added.

Rachappa, the farmer, says that soon after acquiring the training, he began adopting the multi-crop method on his land. He began cultivating various vegetables, fruits, sugarcane, and rice paddies at the same time. This, he says, not only saved him time, but it also didn’t need extensive irrigation facilities.

“I then subtly moved to the organic method of farming. I stopped the use of chemical fertilizers in the field. I got the cow dung from the livestock I had in my home. Today, I earn more than fifty thousand rupees (700 US dollars) every month. I did not even think once about selling off my land. I am content with the profit it is producing for me now,” M. Rachappa said.

Kondaji was also trained to grow organic vegetables and produce manure.

“My fellow farmers even helped me dig the pit in the backyard for the manure to decompose. It is a natural fertilizer. The vegetables I produce now require the least amount of water, so the late arrival of monsoons no longer bothers me. My produce is sold at higher prices because it is organic,” Reddy says with a smile.

IPS UN Bureau Report
