GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform, to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub Mobile. The rollout comes a week after the White House released an ambitious National Cybersecurity Strategy that puts responsibility on software vendors to secure the software ecosystem.
Category Archives: News
8220 Gang Behind ScrubCrypt Attack Targeting Oracle Weblogic Server
ScrubCrypt malware obfuscates and encrypts applications to evade antivirus detection
Acer Confirms Unauthorized Access But Says No Consumer Data Stolen
Kernelware threat actor claimed responsibility for the hack on a dark web forum
TikTok Initiates Project Clover Amid European Data Security Concerns
Social media giant TikTok has responded to European data security concerns with Project Clover and the announcement of two new data centers
Lazarus group infiltrated South Korean finance firm twice last year
Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year.
The North Korea-linked group infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to research by AhnLab Security Emergency Response Center (ASEC).
ASEC reported the software in question to the Korean Internet and Security Agency since the vulnerability has not been fully verified yet and a software patch has not been released. The report therefore does not name the affected software.
Understanding the Shared Responsibility Model, Critical Step to Ensure Cloud Security
During the Cloud & Cyber Security Expo, cloud security experts attributed the security shortcomings of cloud users to misconceptions over their responsibility
Tehran Targets Female Activists in Espionage Campaign
House Members at Risk After Insurer Data Breach
Fifth of Government Workers Don’t Care if Employer is Hacked
Smashing Security podcast #312: Rule 34, Twitter scams, and Facebook fails
Scammers get pwned by a Canadian granny! Don’t be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don’t miss our featured interview with Jason Meller of Kolide.