GitHub Announces Free Secret Scanning for All Public Repositories
GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free
Data leaks can expose passwords, personal records, and business secrets, enabling identity theft, fraud, extortion, and follow-on cyberattacks.
Search across headline titles and summaries.
Background for this topic.
Leak is the unauthorized disclosure or exposure of information to people or systems not meant to receive it. It may be deliberate or accidental and can involve personal data, credentials, API keys, source code, trade secrets, or internal documents. A leak can result from theft and publication, an employee sending data to the wrong recipient, or an exposed cloud storage bucket, database, log, repository, or backup. The term describes the exposure, not necessarily how attackers obtained it; reporting may refer to both confirmed disclosure and suspected exposure.
Security teams should establish what data was accessible, to whom, and for how long, while distinguishing evidence of access from mere exposure. Exposed passwords, tokens, and keys should be revoked or rotated quickly, and affected systems checked for reuse or further access. Personal or regulated data may trigger privacy and reporting obligations, while leaked proprietary material can require legal and threat-intelligence monitoring. Prevention includes least-privilege access, secret scanning, safe sharing controls, encryption where appropriate, and monitoring for misconfigured public resources.
GitHub on Thursday said it is making available its secret scanning service to all public repositories on the code hosting platform for free
Gemini crypto exchange announced this week that customers were targeted in phishing campaigns after a threat actor collected their personal information from a third-party vendor. [...]
Microsoft has addressed an LSASS memory leak issue on some domain controllers that led to freezes and restarts after installing Windows Server updates released during last month's Patch Tuesday. [...]
Databases, details of 'sexual proceedings in court' and more apparently pilfered from finance IT LockBit claims it was behind a cyber-attack on the California Department of Finance, bragging it stole data during the intrusion.…
Leak flows from pwned supplier Teqtivity Uber, which has suffered a few data thefts in its time, is this week dealing with the fallout from more information being stolen, this time through one of its technology suppliers.…
No passwords were reportedly exposed, but Twitter prompted users to enable 2FA to protect accounts
Threat actors leak employee email addresses, corporate reports, and IT asset information on a hacker forum after an attack on an Uber technology partner.
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. [...]
Twitter confirmed today that the recent leak of millions of members' profiles, including private phone numbers and email addresses, resulted from the same data breach the company disclosed in August 2022. [...]
Uber has suffered a new data breach after a threat actor leaked employee email addresses, corporate reports, and IT asset information stolen from a third-party vendor in a cybersecurity incident. [...]
With 2022 coming to a close, there is no better time to buckle down and prepare to face the security challenges in the year to come. This past year has seen its fair share of breaches, attacks, and leaks, forcing organizations to scramble to protect their SaaS stacks. March alone saw three different breaches from Microsoft, Hubspot, and Okta. With SaaS sprawl ever growing and becoming more
Google has officially begun rolling out support for passkeys, the next-generation passwordless login standard, to its stable version of Chrome web browser