#1 Trusted Cybersecurity News Platform Followed by 4.50+ million
The Hacker News Logo
Subscribe – Get Latest News
Cloud Security

source code hosting | Breaking Cybersecurity News | The Hacker News

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

GitHub Swiftly Replaces Exposed RSA SSH Key to Protect Git Operations

Mar 24, 2023 Cloud Security / Programming
Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or eavesdropping on users' operations over SSH. "This key does not grant access to GitHub's infrastructure or customer data," Mike Hanley, chief security officer and SVP of engineering at GitHub,  said  in a post. "This change only impacts Git operations over SSH using RSA." The move does not impact Web traffic to GitHub.com and Git operations performed via HTTPS. No change is required for ECDSA or Ed25519 users. The Microsoft-owned company said there is no evidence that the exposed SSH private key was exploited by adversaries. It did not disclose how long the se
GitHub Announces Free Secret Scanning for All Public Repositories

GitHub Announces Free Secret Scanning for All Public Repositories

Dec 16, 2022 Secure Coding / Code Hosting
GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company  said , adding it's expected to complete the rollout by the end of January 2023.  Secret scanning is  designed  to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in  over 200 formats  that may have been accidentally committed, and generate alerts to prevent their misuse. The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license. For customers of GitHub Advanced Security, the  protections  go a step further by performing the scans for exposed secrets, including custom patterns,  during code pushes . The Microsoft subsidiary also said it's  planning  to turn on two-factor authentication
Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Timing is Everything: The Role of Just-in-Time Privileged Access in Security Evolution

Apr 15, 2024Active Directory / Attack Surface
To minimize the risk of privilege misuse, a trend in the privileged access management (PAM) solution market involves implementing just-in-time (JIT) privileged access. This approach to  privileged identity management  aims to mitigate the risks associated with prolonged high-level access by granting privileges temporarily and only when necessary, rather than providing users with continuous high-level privileges. By adopting this strategy, organizations can enhance security, minimize the window of opportunity for potential attackers and ensure that users access privileged resources only when necessary.  What is JIT and why is it important?   JIT privileged access provisioning  involves granting privileged access to users on a temporary basis, aligning with the concept of least privilege. This principle provides users with only the minimum level of access required to perform their tasks, and only for the amount of time required to do so. One of the key advantages of JIT provisioning
Cloud Source Repositories: Google Quietly Launches GitHub Competitor

Cloud Source Repositories: Google Quietly Launches GitHub Competitor

Jun 26, 2015
After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories . Not yet officially announced, but Google started providing free beta access to its new Cloud Source Repositories earlier this year, VentureBeat reported. Similar to the popular source code repository hosting service GitHub, Cloud Source Repositories provides developers with the ability to host and edit code on the ever-expanding Google Cloud Platform . Though it will not be easy to take hold of all GitHub's customers overnight, Google is taking a successive approach with its new service -- Cloud Source Repositories can serve as a 'remote' Git repositories for users sitting elsewhere on the Internet or locally. Moreover, it is also possible for users to connect a Cloud Source Repository to a hosted repository service like GitHub or Bitbucket that will automatical
cyber security

WATCH: The SaaS Security Challenge in 90 Seconds

websiteAdaptive ShieldSaaS Security / Cyber Threat
Discover how you can overcome the SaaS security challenge by securing your entire SaaS stack with SSPM.
Cybersecurity Resources