Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Xtreme RAT Trojan
Android APT C2C CVE vulnerability Cyber Attacks Facebook Google Play Israeli Firm PDFs Phishing and Spam WhatsApp Xtreme RAT Trojan

Top Israeli Officials Duped by Bearded Barbie Hackers

 

Cybercriminals appear to be aggressively promoting the Remcos RAT that first appeared in hacking forums in 2016 and was marketed sold, and offered cracks on a variety of websites and forums. In 2017, researchers discovered Remcos being distributed via a malicious PowerPoint slideshow with a CVE-2017-0199 exploit. Remcos RAT is a piece of commercial software which may be purchased online. 

An "elaborate effort" targeting high-profile Israeli individuals working in critical defense, law enforcement, and emergency services sectors has been traced to a threat actor associated with Hamas' cyber warfare section. The Hamas-backed hacker outfit dubbed 'APT-C-23' was discovered catfishing Israeli officials in defense, law enforcement, and government institutions, resulting in the deployment of new malware. 

Before delivering spyware, the campaign uses advanced social engineering techniques like creating phony social media identities and maintaining a strong partnership with the targets. AridViper has previously targeted Palestinian law enforcement, military, or educational institutions, as well as the Israel Security Agency, with spear-phishing assaults (ISA). Researchers from Cisco Talos discovered AridViper assaults against activists involved in the Israel-Palestine conflict in February.

Malicious actors have built several phony Facebook pages utilizing forged credentials and pirated or AI-generated photographs of attractive women, and have used these profiles to approach their targets. The operators have spent months curating these profiles to make them appear legitimate, posting in Hebrew and alike organizations and prominent pages in Israel. The creators of these profiles create a network of friends who are actually people who work in Israel's police, defense forces, emergency services, or government. The opponents recommend transferring the chat to WhatsApp, ostensibly for more privacy, after building the target's trust by talking with individuals for a while. 

The Android app is actually the virus VolatileVenom.The icon is concealed on pre-Android 10 devices; with Android 10, the virus utilizes the Google Play installation icon. When the victim tries to sign into the Wink Chat, an error message appears, stating the app will be deleted. With a wide spectrum of espionage capabilities, VolatileVenom continues to function in the background. 

The malicious actors will eventually email the target a RAR file containing supposedly explicit photographs or videos as part of the catfishing attempts. This RAR file, on the other hand, contains the Barb(ie) installer malware, which installs the BarbWire backdoor. The filename of a sample of Barb(ie) detected by Cybereason is "Windows Notifications," and when it is made to run, it performs basic anti-analysis checks. If the host is deemed appropriate, the downloader links to an integrated C2 server. 

The BarbWire Backdoor is sent by the C2 server. The downloader contains a backup technique for finding a different C2. If the attackers need to modify the C2 from the one inserted, they can simply send an SMS message with the new destination. All inbound SMS messages are intercepted by the downloader. If one is provided by the intruders, it can just extract the new C2 information and install the backdoor. BarbWire steals data from PDFs, Office files, archives, picture files, movies, and photos, among other file types. It also checks for external media, such as a CD-ROM file, implying it's hunting for highly sensitive material which is carried around physically or over the internet. The stolen information is stored in a RAR archive and then sent to the attackers' C2 server. 

APT-C-23 employs several approaches which have been used in previous operations against Israeli targets, but it is constantly evolving with new tools and more intricate social engineering efforts. The lack of overlapping infrastructure distinguishes Operation Bearded Barbie from past missions, indicating the group's goal of avoiding notice. Another escalation for the threat actor is the usage of two backdoors, one for Windows and one for Android, resulting in very active espionage for the compromised targets.
Read more »
trojan ShadowPad
China China Cyber Security Cyber Attacks Cyber Threats India Nation-State Attacks State Sponsored Hackers trojan ShadowPad

Chinese Hackers Targeted Indian State Power Grid

 

Chinese state-sponsored malicious actors launched “probing cyberattacks” on Indian electricity distribution centers near Ladakh thrice since December 2021. On Wednesday a report by private intelligence firm Recorded Future confirmed the attack. 

The hackers targeted seven Indian state centers responsible for carrying out electrical dispatch and grid control near a border area contested by the two nuclear neighbors, the report added. This attack came to light while the military standoff between the two countries in the region had already deteriorated the relationship. However, the government sources affirmed that the attacks were not successful. 

''In recent months, we observed likely network intrusions targeting at least seven Indian State Load Despatch Centres (SLDCs) responsible for carrying out real-time operations for grid control and electricity dispatch within these respective states. Notably, this targeting has been geographically concentrated, with the identified SLDCs located in North India, in proximity to the disputed India-China border in Ladakh," the group said. 

The hackers employed the trojan ShadowPad, which the experts claimed has been developed by contractors for China's Ministry of State Security, thereby concluding  that it was a state-sponsored hacking effort. 

"In addition to the targeting of power grid assets, we also identified the compromise of a national emergency response system and the Indian subsidiary of a multinational logistics company by the same threat activity group," Recorded Future said.
Read more »
WiFi
Bugs DoS Firewall Flaws VPN Vulnerabilities and Exploits WiFi

Several Palo Alto Devices Affected by OpenSSL Flaw

 

In April 2022, Palo Alto Networks aims to patch the CVE-2022-0778 OpenSSL flaw in several of its firewall, VPN, and XDR devices. 

OpenSSL published fixes in mid-March to address a high-severity denial-of-service (DoS) vulnerability impacting the BN mod sqrt() function used in certificate parsing, which is tracked as CVE-2022-0778. Tavis Ormandy, a well-known Google Project Zero researcher, uncovered the issue. An attacker can exploit the flaw by creating a certificate with invalid explicit curve parameters. 

The advisory for this flaw read, “The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. Internally this function is used when parsing certificates that contain elliptic curve public keys in compressed form or explicit elliptic curve parameters with a base point encoded in compressed form.” 

“It is possible to trigger the infinite loop by crafting a certificate that has invalid explicit curve parameters.” 

The bug affects OpenSSL versions 1.0.2, 1.1.1, and 3.0, and the project's maintainers fixed it with the release of versions 1.0.2zd (for premium support customers), 1.1.1n, and 3.0.2. When parsing an invalid certificate, an attacker can cause the OpenSSL library to enter an infinite loop, resulting in a DoS condition, according to Palo Alto Networks. 

“All PAN-OS software updates for this issue are expected to be released in April 2022. The full fixed versions for PAN-OS hotfixes will be updated in this advisory as soon as they are available.” as per Palo Alto Network. 

During the week of April 18, the company is expected to provide security remedies for the above vulnerability. PAN-OS, GlobalProtect app, and Cortex XDR agent software, according to Palo Alto, have a faulty version of the OpenSSL library, whereas Prisma Cloud and Cortex XSOAR solutions are unaffected. 

“We intend to fix this issue in the following releases: PAN-OS 8.1.23, PAN-OS 9.0.16-hf, PAN-OS 9.1.13-hf, PAN-OS 10.0.10, PAN-OS 10.1.5-hf, PAN-OS 10.2.1, and all later PAN-OS versions. These updates are expected to be available during the week of April 18, 2022.” continues the advisory. 

Customers with Threat Prevention subscriptions can enable Threat IDs 92409 and 92411 to limit the risk of exploitation for this issue while waiting for PAN-OS security upgrades, according to the company.
Read more »
User Security
Banking Data Cyber Fraud Malaysian Bank User Security

Cybercriminals Employ Malicious Shopping Apps to Exfiltrate Banking Data of Malaysian Users

 

Cyber criminals have been distributing malicious applications disguised as legitimate shopping apps to steal customers’ financial data belonging to eight Malaysian banks. Earlier this week on Wednesday, researchers at Slovak security firm ESET shared new research reporting three separate apps targeting Malaysian customers. 

First discovered in November 2021, the malicious campaign began by distributing a fraudulent app pretending to be Maid4u, a legitimate-looking cleaning service brand. The cybercriminals responsible designed a website with an identical name -- a methodology known as typosquatting -- and attempted to trick users into downloading the malicious Maid4u app. To make the website appear legitimate, the attackers even used paid Facebook ads. 

Earlier this year in January, MalwareHunterTeam found three other malicious websites employing the same technique, and the campaign is still ongoing. ESET has since spotted another four malicious websites that mimic legitimate cleaning services such as Maid4u, Grabmaid, Maria's Cleaning, Maid4u, YourMaid, Maideasy and MaidACall and a pet store named PetsMore, all of which are aimed at users in Malaysia. 

The malicious websites do not provide an option to shop directly through them. Instead, they include buttons that claim to download apps from Google Play. However, clicking these buttons redirect users to rogue servers under the attackers’ control. To succeed, this malicious campaign requires the intended victims to enable the non-default “Install unknown apps” option on their devices. 

Subsequently, the victims are presented with payment options, such as credit cards or transferring the required amount from their bank accounts. After choosing the direct transfer option, victims are presented with a fake FPX payment page that lists eight Malaysian banks: Maybank, Affin Bank, Public Bank Berhad, CIMB Bank, BSN, RHB, Bank Islam Malaysia, and Hong Leong Bank. 

When users submit their bank credentials, they are sent to the attacker's command-and-control (C2) server. The victim is then shown an error message. "To make sure the threat actors can get into their victims' bank accounts, the fake e-shop applications also forward all SMS messages received by the victim to the operators in case they contain two-factor authentication (2FA) codes sent by the bank," the ESET researcher Lukáš Å tefanko explained. 

"While the campaign targets Malaysia exclusively for now, it might expand to other countries and banks later on," Å tefanko added. "At this time, the attackers are after banking credentials, but they may also enable the theft of credit card information in the future."
Read more »
data security
Block Cash App Data Breach data security

Cash App Company Block Suffers Data Breach, Customer Data Impacted

Cash App company Block accepts being hit by a data breach where a former employee saved reports from Cash app containing US customer information. In a Security and Exchange Commission (SEC) filing on 4th April, Block (earlier names as Square)- told that the reports were downloaded by an insider on December 10. The employee could regularly access these files as part of his past job duties, however, in this case, these files were accessed without authorization after the competition of his job. 

"Following its discovery of the incident four months after the fact, the company has launched an internal investigation and says it is notifying the applicable regulatory authorities and law enforcement. TechCrunch sent Block additional questions regarding the scope of the incident, but the company declined to answer," reports Tech Crunch. Block didn't respond to the issue, as to why a former employee still had access to the company data, and for how long did he have access to these files after his employment ended. 

The information in these files includes the full names of the users and their brokerage account numbers. Besides this, the compromised data for a few customers include portfolio value, intraday stock trading activity, and brokerage portfolio holdings. Block, a company based in San Francisco didn't disclose how many Cash App customers were affected by the incident, however, around 8.2 Million current and former customers were impacted by the incident. According to the company, no other personal information like passwords, usernames, payment card info or addressees, or social security numbers were leaked in the report. 

The filing mentions that other Cash App services and features and customers outside the US weren't affected by the incident. "At Cash App we value customer trust and are committed to the security of customers’ information. Upon discovery, we took steps to remediate this issue and launched an investigation with the help of a leading forensics firm. We know how these reports were accessed, and we have notified law enforcement. In addition, we continue to review and strengthen administrative and technical safeguards to protect information," says Danika Owsley, spokesperson for Cash App.
Read more »
Security Survey
Cyber risks Cyber Security Cyber Vulnerabilities Data threats Security Survey

How Often do Developers Push Vulnerable Code?

In a recent Research Synopsys stated that 48% of organizations deliberately push vulnerable code in their application security programs due to time constraints. The survey has been published after a thorough investigation conducted on more than 400 U.S.-based developers who work at organizations where they currently have CI/CD tools in place. 

The survey report named “Modern Application Development Security” examined to what extent threat security teams understand modern development and deployment practices, and where security controls are required to lower the risk. 

Following the survey, 60% of respondents mentioned that their production applications were exploited by OWASP top-10 vulnerabilities in the past 12 months. 42% of developers push vulnerable code once per month. 

The research stated that certain organizations knowingly push vulnerable codes without a thorough understanding of the security risks that they are taking. Employees think that it does not come into their bucket of responsibility to fix the code before the immense pressure. 

29% of developers within their organization lack the knowledge to mitigate issues. Developers play a very important role in application security, but the report stated that they lack the skills and training. Nearly one-third (29%) of respondents express that developers within their organization lack the knowledge to mitigate issues identified by their current application security tools. Further, the report said that Developers fix only 32% of known vulnerabilities. 

The researchers have also given solutions to fix the vulnerabilities efficiently. A third of vulnerabilities are noise. To reduce false-positive vulnerabilities, scans must have access to all of the required data so that security tools can accurately research whether vulnerability exists. Reducing security noise will allow developers to address security issues confidently and on time. 

Following the research, Tromzo CTO Harshit Chitalia said, “These findings show that developers regularly ignore security issues, but can we really blame them? Security teams are bombarding them with an endless stream of issues that need to be addressed with no way for them to separate what’s actually critical from all the noise, all while they are expected to release software more frequently and faster than ever before…” 

“…If we want developers to truly implement security, we must make it easy for them. This means integrating contextual and automated security checks into the SDLC so we can transition from security gates to security guardrails,” he further added, 
Read more »
Vulnerabilities and Exploits
Bug Cybersecurity Firms Exploits Flaws RCE Vulnerabilities and Exploits

SpringShell Attacks Target About One in Six Vulnerable Orgs

 

According to figures from one cybersecurity firm, about one out of every six firms affected by the Spring4Shell zero-day vulnerability has already been targeted by threat actors. 

The exploitation attempts occurred within the first four days of the severe remote code execution (RCE) issue, CVE-2022-22965, and the associated attack code was publicly disclosed. 37,000 Spring4Shell attacks were discovered over the weekend alone, according to Check Point, which generated the statistics based on their telemetry data. Software vendors appear to be the most hit industry, accounting for 28% of the total, possibly due to their high vulnerability to supply chain threats. 

Based on their visibility, Check Point ranks Europe #1 in terms of the most targeted region, with 20%. This suggests that the malicious effort to exploit existing RCE possibilities against vulnerable systems is well underway, and threat actors seem to be turning to Spring4Shell while unpatched systems are still exposed. North America accounts for 11% of Check Point's detected Spring4Shell attacks, while other entities have confirmed active exploitation in the United States. 

Spring4Shell was one of four flaws posted to the US Cybersecurity & Infrastructure Security Agency's (CISA) inventory of vulnerabilities known to be used in actual attacks yesterday. The agency has uncovered evidence of attacks on VMware products, in which the software vendor published security upgrades and alerts. 

Microsoft also released guidelines for detecting and preventing Spring4Shell attacks, as well as a statement that they are already analyzing exploitation attempts. Spring MVC and Spring WebFlux apps operating on JDK 9+ are affected by CVE-2022-22965, hence all Java Spring installations should be considered potential attack vectors. Spring Framework versions 5.3.18 and 5.2.2, as well as Spring Boot 2.5.12, were published by the vendor to address the RCE issue. 

As a result, upgrading to these versions or later is strongly advised. System administrators should also be aware of the remote code execution vulnerabilities in the CVE-2022-22963 and CVE-2022-22947 remote code execution flaws in the Spring Cloud Function and Spring Cloud Gateway. These flaws already have proof-of-concept exploits that are publicly available.
Read more »
TrickBot
BazarLoader C&C Conti Ransomware cybercriminals Data Breach Encrypted Files Russian Hackers TrickBot

Data Stolen From Parker Hannifin was Leaked by the Conti Gang

 

Several gigabytes of data allegedly taken from US industrial components major Parker Hannifin have been leaked by a known Conti gang. Parker Hannifin is a motion and control technology business which specializes in precision-built solutions for the aerospace, mobile, and industrial industries. 

The Fortune 250 business said in a legal statement on Tuesday, the compromise of its systems was discovered on March 14. Parker shut down several systems and initiated an inquiry after detecting the incident. Law enforcement has been alerted, and cybersecurity and legal specialists have been summoned to help. Although the investigation is ongoing, the company announced some data, including employee personal information, was accessed and taken. 

"Relying on the Company's early evaluation and currently available information, the incident has had no major financial or operational impact, and the Company does not think the incident will have a significant impact on its company, operations, or financial results," Parker stated. "The Company's business processes are fully operating, and it retains insurance, subject to penalties and policy limitations customary of its size and industry." 

While the company has not shared any additional details regarding the incident, cybersecurity experts have learned the infamous Conti gang has taken credit for the Parker breach. More than 5 GB of archive files supposedly comprising papers stolen from Parker have been leaked by the hacker group. However, this could only be a small percentage of the data they've obtained; as per the Conti website, only 3% of the data theft has been made public. Usually, hackers inform victims they must pay millions of dollars to restore encrypted files and avoid stolen information from being leaked. 

Conti ransomware is a very destructive malicious actor because of how quickly it encrypts data and transfers it to other computers. To gain remote access to the affected PCs, the organization is using phishing attempts to deploy the TrickBot and BazarLoader Trojans. The cyber-crime operation is said to be led by a Russian gang operating under the Wizard Spider moniker and members of Conti came out in support of Russia's invasion of Ukraine in February.

Conti data, such as malicious source code, chat logs, identities, email addresses, and C&C server details, have been disclosed by someone pretending to be a Ukrainian cybersecurity researcher. Conti works like any other business, with contractors, workers, and HR issues, as revealed by the released documents. Conti spent about $6 million on staff salaries, tools, and professional services in the previous year, according to a review conducted by crisis response firm BreachQuest.

Conti and other ransomware organizations continue to pose a threat to businesses and ordinary services, and measures should be taken to help prevent a severe cyberattack.
Read more »
Whatsapp Phishing
Credential Phishing cyber attack Cyber Attacks Whatsapp Phishing

WhatsApp Voice Message Phishing Campaign

 

Recently Armorblox researchers have discovered that the new WhatsApp phishing campaign is targeting users by impersonating WhatsApp's voice message feature, in one of their latest researches.

At least 27,655 email addresses have been targeted by a phishing campaign spoofing WhatsApp's voice message attempting to spread information-stealing malware. This phishing campaign is designed to lead the users through a series of steps that will ultimately end with the installation of an information-stealing malware infection which further will open the way to credential theft. 

Following the incident, researchers released a statement in which they have explained the entire fraudulent process and also warned to identify signs of fraudulent activity for users to better protect themselves from phishing attempts. 

The researchers said that the malicious actors are using the "Whatsapp Notifier" service with an address owned by the Center for Road Safety of the Moscow Region, which notifies recipients regarding a new private message, with the email including a "Play" button, as well as the duration of the audio clip and details regarding the creation of the message. 

Clicking on the "Play" button will redirect recipients to a website that will trigger an allow/block prompt for JS/Kryptic trojan installation, with users lured to click "Allow" to confirm that they are not a robot. Selecting "Allow" would then prompt the installation of the information-stealing malware.

Looking into the issue for Digital Journal Josh Rickard, Security Automation Architect at Swimlane said “Phishing attacks are one of the most common methods of cyberattacks and, unfortunately, have become all too easy for cybercriminals to leverage.” In terms of how this form of attack works, he continues: “ These types of social engineering attacks that exploit human error are highly effective and well-masked. In this case, WhatsApps’s voice message feature was manipulated in an attempt to spread information-stealing malware to over 27,000 email addresses associated with the app.”
Read more »
Ransomware Attacks.
Bitcoin Crypto Currency Crypto Currency law Cyber Security Cybersecurity EU IP addresses Ransomware Attacks.

Analysis of Cryptocurrency Fundraising

 

A cryptocurrency is a form of digital currency meant to make internet transactions extremely safe. Investors and authorities are paying attention to the unexpected increase in the value of cryptocurrencies. The digital era has surely aided in the advancement of our understanding and use of money. We are also on the verge of a new financial revolution, which is linked to the fourth industrial revolution. There are currently 9,271 distinct cryptocurrencies available, with Bitcoin, Ethereum, Tether, BNB, and USD being the most renowned ones.  

Cryptocurrencies, despite being older than the iPad, have just entered the public sphere, with their impact being predominantly felt in the last three or four years. The aspect of digital currencies has spread to numerous banks, including JP Morgan and Wells Fargo, which are developing their own cryptos. Blockchain, AI, IoT, and a slew of other technologies are making inroads into our daily lives as more traditional concepts and technologies are scrambling to stay up or risk becoming obsolete. 

Bitcoin, one of the most popular cryptocurrencies, was launched in 2009 and employs peer-to-peer technology to enable rapid transactions without the involvement of institutional bodies such as banks or governments. A password or a private key is required to access the received cryptocurrency in the wallet. Furthermore, the transaction is safeguarded by blockchain technology when it is sent from one wallet to another.

Physical currency serves as a universal measure of worth as well as a quick means of transmitting it. The switch to such a system would very certainly be tough, as cash may become incompatible in the blink of an eye if the crypto world advance at the current pace. Established banking institutions would almost certainly have to hustle to adapt. Governments across the world are now accepting blockchain and cryptocurrency. According to the Gartner report, 83 nations are currently experimenting with or deploying as such Central Bank Digital Currencies, or CBDCs, which account for 90 percent of global GDP. While many businesses initially offered to accept Bitcoin during its first boom, this list has progressively reduced, reinforcing doubt about the cryptocurrency's potential as a medium of trade. 

In India, cryptocurrency boomed relatively late when it already cost millions of rupees, as a result, Indians have few Satoshis (small units of a bitcoin) but this isn't the case in every situation. People are dealing in smaller units such as milli or micro bitcoins as the worth of cryptocurrency. 

Furthermore, the price of a cryptocurrency varies between exchanges, which is a clear breach of the legislation of one price.

While bitcoin performs admirably as a wealth vault, its volatility makes it riskier and exposes it to increased danger of loss. Several variables influence the price of a single bitcoin, like supply and demand, competition, and regulation. Investor perceptions of cryptocurrency are also influenced by recent news events.

The lack of other traits for crypto in India is typically associated with modern physical currencies; they cannot be deposited in a bank and must be held in digital wallets, which are costly and risky due to the possibility of hacking, staff corruption, public IP addresses, and ransomware. In many aspects, government supervision over central currency is essential for regulation, and cryptocurrencies would function with far less government oversight. Bitcoin's supply is set; there is an absolute limit of 21 million units.

In order to maintain steady price levels, the money supply must be able to rise in lockstep with macroeconomic activity, otherwise, the problem can only be solved by raising the velocity of money or by a substantial drop in prices. This might put the economy in jeopardy. 

For investors, bitcoin's artificial scarcity is a benefit: increased demand combined with inelastic supply leads to a greater price. The lack of a central regulator renders investor protection untenable and raises the likelihood of greater instability. People engage in these markets expecting the cryptocurrencies would grow in the future; this presumption fuels speculative behaviours, and a quick shift in the presumption may cause the market to crash, injuring many naive investors. 

The magnitude of economic harm is influenced by the connectivity between crypto-assets and the traditional banking industry. According to economists, direct exposure from cryptocurrencies to the financial system might be transmitted, and indirect repercussions could expand to other asset classes. Crypto assets, according to the RBI financial stability report (2021), offer long-term risks for capital control management, financial and macroeconomic stability, and monetary policy transmission.

China has taken the toughest stance on cryptocurrencies, going from allowing crypto mining to outright prohibiting it as of June 2021. Regulations are divided between the federal and state governments in the United States and India. Most EU draught Markets in Crypto-Assets Regulation (MiCA) legislation was announced by the European Commission in September 2020. The UK  is currently supervised by the Financial Conduct Authority (FCA). It's worth noting that the South American nation was the first to declare Bitcoin to be legal cash.

If we look at the evolution of crypto as a currency, it has virtually achieved its goal of decentralisation, and is now one of the main firms such as Tesla, Microsoft, and Meta are investing in it. On the other hand, the emerging cryptocurrency has the issue of being hackable. In the long run, if cryptocurrency continues to develop at its current rate, it may eventually replace fiat currency, resolving the issues of hacking and extreme volatility.
Read more »
Technology
GitHub New Feature Repository Scanning Technology

GitHub Brings Auto-Blocking Feature Including API Keys and Tokens

GitHub announced this Monday that it widened its code hosting platform's secret scanning features for GitHub Advanced Security customers to automatically restrict secret leaks. Secret scanning is a premium security feature provided to companies that use GitHub's Advanced Security license. Organizations can use this feature for extra repository scanning. The feature works via matching patterns mentioned by the organization or provided by a service partner or provider. 

Every match is defined as a security alert in the repos' Security tab or to providers if it connects with a provider pattern. The latest feature is called as push protection, it is made to protect against accidental exposure of creds before implementing code to remote repositories. The new feature attaches secret scanning within the developers' workflow and works using 69 token types (API keys, management certificates, access tokens, private creds, secret keys, noticed with a less "false positive" identification rate. 

"With push protection, GitHub will check for high-confidence secrets as developers push code and block the push if a secret is identified. High-confidence secrets have a low positive rate, so security teams can protect their organizations without compromising developer experience," GitHub reports. If the GitHub Enterprise Cloud is able to find a secret before implementing the code, the git push is restricted to let the developers recheck and delete the secrets from the code they tried to shift towards remote repos. 

"GitHub Advanced Security helps secure organizations around the world through its secret scanning, code scanning, and supply chain security capabilities, including Dependabot alerts and Dependabot security updates that are forever free," says the GitHub blog. 

How to enable Push Protection for your company? 

1. Go to GitHub, and find the page of the company. 
2. Under the organization name, open settings. 
3. In the sidebar section, find "Security," open Code security and analysis. 
4. After that, find "GitHub Advanced Security." 
5. Find "Secret Scanning" in push notifications, click enable all. 
6. Finally, click "Automatically enable for private repositories added to secret scanning."
Read more »
Subscribe to: Comments (Atom)