Week 3

https://thehackernews.com/2022/05/how-secrets-lurking-in-source-code-lead.html

An increasing threat to cybersecurity is software secrets being leaked to places like GitHub. By secrets, I do not mean secrets in the traditional sense, although they are secret, in this case, a secret is a key for software engineering teams to use in order to access source code. Secrets are similar to passwords, however, they are meant to be shared among a team.

Sharing passwords can be convenient for a team, but it opens up security risks for these secrets to be leaked and accessed by hackers. 

In the process of software development, previous versions of the software are saved in case a new version introduces bugs. Sometimes previous versions are saved for years.

Often what gets leaked is the keys to the older versions of the software which still resembles much of the current day software, leading to open access to the source code.

Knowledge of the source code can give hackers what they need to access organization information and exploit it.

Comments

Post a Comment

Popular posts from this blog

Week 10

 https://www.csoonline.com/article/3666428/6-security-analyst-job-description-red-flags-that-make-hiring-harder.html I thought it would be a nice change of pace to share some challenges when it comes to getting cyber security jobs instead of a security threat since most people in this class will one day or already have been on the job hunt for these jobs. The article shares the top 6 red flags to look out for in security analyst positions: 1. No description of the actual responsibilities The job of security analyst could potentially have a vast number of responsibilities, it is not a good sign if the company is trying to hide the workload for the position. 2. Unrealistic experience requirements Security analysts are often the first job someone pursuing a cyber security career will get. If the company says you need many years of experience first, the company might not understand what a security analyst is. 3. Overemphasizing the tech—especially if it’s old Often job p...
Read more

Week 6

 https://thehackernews.com/2022/06/russian-hackers-exploiting-microsoft.html Russia and Ukraine are in the midst of a cyber war. Currently, Russia is taking advantage of a security flaw in Windows operating systems "Follina" which allows password-stealing software to be deployed on other computers. Follina is a security flaw that exists because it allows remote code execution for the Windows Support Diagnostic Tool. This malware has been used on Ukraine devices to gather data from users such as passwords and cookies.
Read more

Week 8

 https://www.csoonline.com/article/3043030/top-cloud-security-threats.html Cloud security is growing in popularity, and because of this, it is important to know what its common risks are. The article above has eleven cloud risks, however, I will only go over the top five in this blog post. 1. Insufficient identity, credential, access and key management Brute forcing is not nearly as popular as infiltrating cloud security by posing as a legitimate user. Identity management is important for any cloud security to minimize this threat. 2. Insecure interfaces and APIs Using interfaces and/or APIs can help alleviate some work for security specialists and software development, however, sometimes security flaws exist in these interfaces/APIs. It is important for organizations to know exactly what these APIs are doing and restructure them if a security vulnerability exists in them. 3. Misconfiguration and inadequate change control This results from a lack of system knowledge,...
Read more