CyberSecure Specialist

GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile. The rollout…

Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year.  The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to a research by AhnLab Security Emergency Response Center (ASEC).  ASEC reported the software in question to the Korean Internet and Security Agency since the vulnerability has not been fully verified…

SANS Institute has launched the SANS Cloud Diversity Academy (SCDA) in partnership with Google, to help provide training and certifications to women, ethnic minorities, Indigenous people and other groups that are currently underrepresented in the cybersecurity sector. A 2022 report by Cybersecurity Ventures found that women make up only 25% of the cybersecurity workforce globally, while an Aspen Digital Tech Policy report from the same year found that only 9% of cybersecurity experts are Black,…

The number of detected hard-coded secrets increased by 67% last year compared to 2021, with 10 million new secrets discovered in public GitHub commits in 2022. That’s according to GitGuardian’s State of Secrets Sprawl 2023 report. It found that hard-coded secrets and accelerating secrets sprawl (storing secrets in many different places) are threatening the security of software supply chains. Hard-coded secrets pose significant security risks because they are often stored in plain text, making it…