Plugging secrets leaks requires holistic software and technology stack protection | allinfosecnews.com

March 13, 2023, 1:30 p.m. | matthew.rose@reversinglabs.com (Matt Rose)

ReversingLabs Blog blog.reversinglabs.com

Secrets leaks have become a disturbing trend on GitHub, and may pose a serious risk to your organization's software supply chain. Developers are leaving secrets such as login credentials, API keys, SSH keys, encryption keys, and database passwords exposed in their code and comments. Unfortunately, those secrets are an integral part of any application — and a prime target for threat actors to discover when stored in code repositories.

api api keys application code code repositories comments credentials database developers discover encryption encryption keys exposed github keys leaks login login credentials may organization passwords prime protection repositories risk secrets secrets security serious software software supply chain software supply chain security ssh ssh keys supply supply chain target technology threat threat actors trend

More from blog.reversinglabs.com / ReversingLabs Blog

CycloneDX upgraded for the evolving software supply chain security era 1 day, 3 hours ago | blog.reversinglabs.com

ai development appsec & supply chain security bill bills +25

Where GenAI intersects with threat modeling: 3 key benefits for AppSec 2 days, 5 hours ago | blog.reversinglabs.com

application application security appsec appsec & supply chain security +18

OWASP's LLM AI Security & Governance Checklist: 13 action items for your team 3 days, 5 hours ago | blog.reversinglabs.com

action ai security appsec & supply chain security artificial +15

XZ Trojan highlights software supply chain risk posed by 'sock puppets' 1 week, 1 day ago | blog.reversinglabs.com

appsec & supply chain security attacks compression compromise +28

The state of secrets security: 7 steps to better managing risk 1 week, 2 days ago | blog.reversinglabs.com

appsec & supply chain security complexity development epidemic +16

When GenAI and low-code collide: What could go wrong for AppSec? 1 week, 3 days ago | blog.reversinglabs.com

application application security appsec appsec & supply chain security +22

Malicious helpers: VS Code Extensions observed stealing sensitive information 2 weeks, 2 days ago | blog.reversinglabs.com

administrators attacks code daily +20

SBOMs are now essential: Make them actionable to better manage risk 2 weeks, 3 days ago | blog.reversinglabs.com

actionable appsec & supply chain security attack attacks +15

A software supply chain meltdown: What we know about the XZ Trojan 2 weeks, 3 days ago | blog.reversinglabs.com

alarms appsec & supply chain security attack backdoor +18

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations

View on infosec-jobs.com

Information Security Engineers

@ D. E. Shaw Research | New York City

View on infosec-jobs.com

SOC Cyber Threat Intelligence Expert

@ Amexio | Luxembourg, Luxembourg, Luxembourg

View on infosec-jobs.com

Systems Engineer - SecOps

@ Fortinet | Dubai, Dubai, United Arab Emirates

View on infosec-jobs.com

Ingénieur Cybersécurité Gouvernance des projets AMR H/F

@ ASSYSTEM | Lyon, France

View on infosec-jobs.com

Senior DevSecOps Consultant

@ Computacenter | Birmingham, GB, B37 7YS

View on infosec-jobs.com