source code hosting | Breaking Cybersecurity News | The Hacker News

Cloud-based repository hosting service GitHub said it took the step of replacing its RSA SSH host key used to secure Git operations "out of an abundance of caution" after it was briefly exposed in a public repository. The activity, which was carried out at 05:00 UTC on March 24, 2023, is said to have been undertaken as a measure to prevent any bad actor from impersonating the service or eavesdropping on users' operations over SSH. "This key does not grant access to GitHub's infrastructure or customer data," Mike Hanley, chief security officer and SVP of engineering at GitHub,  said  in a post. "This change only impacts Git operations over SSH using RSA." The move does not impact Web traffic to GitHub.com and Git operations performed via HTTPS. No change is required for ECDSA or Ed25519 users. The Microsoft-owned company said there is no evidence that the exposed SSH private key was exploited by adversaries. It did not disclose how long the se

GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free. "Secret scanning alerts notify you directly about leaked secrets in your code," the company  said , adding it's expected to complete the rollout by the end of January 2023.  Secret scanning is  designed  to examine repositories for access tokens, private keys, credentials, API keys, and other secrets in  over 200 formats  that may have been accidentally committed, and generate alerts to prevent their misuse. The security option was previously limited to repositories owned by organizations that use GitHub Enterprise Cloud and have a GitHub Advanced Security license. For customers of GitHub Advanced Security, the  protections  go a step further by performing the scans for exposed secrets, including custom patterns,  during code pushes . The Microsoft subsidiary also said it's  planning  to turn on two-factor authentication

As a vCISO, you are responsible for your client's cybersecurity strategy and risk governance. This incorporates multiple disciplines, from research to execution to reporting. Recently, we published a comprehensive playbook for vCISOs, "Your First 100 Days as a vCISO – 5 Steps to Success" , which covers all the phases entailed in launching a successful vCISO engagement, along with recommended actions to take, and step-by-step examples.  Following the success of the playbook and the requests that have come in from the MSP/MSSP community, we decided to drill down into specific parts of vCISO reporting and provide more color and examples. In this article, we focus on how to create compelling narratives within a report, which has a significant impact on the overall MSP/MSSP value proposition.  This article brings the highlights of a recent guided workshop we held, covering what makes a successful report and how it can be used to enhance engagement with your cyber security clients.

After the death of Google code this winter, Google is apparently back in the business through the launch of its private Git repository hosting service on Google Cloud Platform called Cloud Source Repositories . Not yet officially announced, but Google started providing free beta access to its new Cloud Source Repositories earlier this year, VentureBeat reported. Similar to the popular source code repository hosting service GitHub, Cloud Source Repositories provides developers with the ability to host and edit code on the ever-expanding Google Cloud Platform . Though it will not be easy to take hold of all GitHub's customers overnight, Google is taking a successive approach with its new service -- Cloud Source Repositories can serve as a 'remote' Git repositories for users sitting elsewhere on the Internet or locally. Moreover, it is also possible for users to connect a Cloud Source Repository to a hosted repository service like GitHub or Bitbucket that will automatical