GitHub has begun its official rollout of two-factor authentication (2FA) for developers who contribute code to the platform to enhance the security of accounts and the software supply chain. GitHub first announced its intention to mandate 2FA for all code contributors in May 2022, and will begin the first group’s enrolment on Monday, March 13. GitHub is allowing users to choose their preferred 2FA method – SMS, TOTP, security keys, or GitHub mobile. The rollout comes a week after the White House released an ambitious National Cybersecurity Strategy that puts responsibility on software vendors to secure the software ecosystem.
Lazarus group was spotted exploiting flaws in unnamed software to gain access to a South Korean finance firm twice last year.
The North Korea-linked group had infiltrated the affected company in May 2022 and again in October through the same software’s zero-day vulnerability, according to a research by AhnLab Security Emergency Response Center (ASEC).
ASEC reported the software in question to the Korean Internet and Security Agency since the vulnerability has not been fully verified yet and a software patch has not been released. The report therefore does not name the affected software.
During the Cloud & Cyber Security Expo, cloud security experts attributed the security shortcomings of cloud users to misconceptions over their responsibility
Scammers get pwned by a Canadian granny! Don’t be seduced in a bar by an iPhone thief! And will the US Marshals be able to track down the villains who stole their data?
All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Anna Brading.
Plus don’t miss our featured interview with Jason Meller of Kolide.
