Biggest Security Takeaway of 2020: Don't Leak Secrets on GitHub


2020 was a crazy year, for security in particular. But from all the hacks and breaches this year, there is one takeaway: don't leak secrets on GitHub.

2020 has been crazy, especially in security.

We could list all the insane things that have happened this year, but you were there; you lived through it. In the world of cybersecurity, we have seen some unprecedented malicious activity: widespread phishing attacks utilizing the fear of COVID-19, attacks on hospitals, a huge increase in nation-state attacks… Heck, even Jeff Bezos and Kanye got their Twitter profiles hacked.

Picking a takeaway from the year is difficult, to say the least. But towards the end of the year, we saw a massive increase in high-profile attacks that exploited a common vulnerability: leaked credentials in git, namely GitHub.

The Recent Headlines

One of the biggest data breaches we saw this year came from Brazil. Data from 16 million Brazilian COVID-19 patients were exposed online, a list that included the president of Brazil, Jair Bolsonaro. This leak contained a trove of sensitive information such as addresses, names, medication regimes, and even medical history.

And more recently, there’s the still-unfolding hack of SolarWinds. The company has acknowledged that hackers injected malware into a software update for its Orion platform, a suite of products broadly used across the U.S. federal government and Fortune 500 organizations to monitor the health of their IT networks. The complete extent of this hack is still unknown as it now affects thousands of SolarWinds customers, and the repercussions won’t fully be known until well into 2021. What we do know right now:

  • Attackers gained access to the SolarWinds update server and injected a small amount of malicious code into an update.
  • The hackers were able to use the injected malware to breach SolarWinds customers with the update.
  • Attackers gained access to email communications in the U.S. Treasury and Commerce departments.
  • The intrusion was also used to infiltrate computer networks at the U.S. Department of Homeland Security (DHS).
  • Up to *18,000 customers* (again, government and Fortune 500 organizations) have been affected by the intrusion.

So what do these two massive security incidents have in common?
