Every developer knows that it’s a bad idea to hardcode security credentials into source code. Yet it happens and when it does, the consequences can be dire. Until now, GitHub only made its secret scanning service available to paying enterprise users who paid for GitHub Advanced Security, but starting today, the Microsoft-owned company is making its secrets scanning service available for all public GitHub repos for free.
In 2022 alone, the company notified partners in its secret scanning partner program of moew than 1.7 million potential secrets that were exposed in public repositories. The service scans repositories for over 200 known token formats and then alerts partners of potential leaks — and you can define your own regex patterns, too.
sourse: https://techcrunch.com/
Reddit has confirmed hackers accessed internal documents and source code following a “highly-targeted” phishing attack. A post by Reddit CTO Christopher Slowe, or KeyserSosa, explained that on February 5 the company became aware of the “sophisticated” attack targeting Reddit employees. He says that an as-yet-unidentified attacker sent “plausible-sounding prompts,” which redirected employees to a website masquerading as Reddit’s […]
This holiday season, consider giving the gift of security with an ad blocker. That’s the takeaway message from an unlikely source — the FBI — which this week issued an alert warning that cybercriminals are using online ads in search results with the ultimate goal of stealing or extorting money from victims. In a pre-holiday […]
Emerging Indian social media app Slick left an internal database containing users’ personal information, including data of school-going children, publicly exposed to the internet for months. Since at least December 11, a database containing full names, mobile numbers, dates of birth, and profile pictures of Slick users was left online without a password. Bengaluru-based Slick launched in […]
Leave a Reply