Hackers steal 15,000 cloud credentials from exposed Git config files

October 30, 2024 at 10:12AM The “EmeraldWhale” operation has exploited exposed Git configuration files to steal over 15,000 cloud credentials from private repositories. Using automated tools, hackers scan IP ranges for vulnerabilities and utilize stolen tokens for phishing and spam. Despite its simplicity, the campaign poses significant risks, prompting developers to adopt better secret management …

Passwordless AND Keyless: The Future of (Privileged) Access Management

September 20, 2024 at 07:39AM Traditional privileged access management (PAM) solutions struggle to effectively handle SSH keys, which functionally differ from passwords. SSH keys outnumber passwords and grant widespread access, yet aren’t managed centrally, posing a security risk. Modern ephemeral access solutions bypass the need to manage passwords or keys, offering improved security and reduced …

Secrets Exposed: Why Your CISO Should Worry About Slack

September 3, 2024 at 03:42AM Summary: Secrets, like API keys and passwords, pose a significant risk when accidentally shared in collaboration tools. Machine identities now outnumber human identities, and secrets are found not only in code but also in tools like Slack and Jira. Integrating platforms like GitGuardian for real-time monitoring and training teams on …

Python’s PyPI Reveals Its Secrets

April 11, 2024 at 07:45AM GitGuardian’s 2024 report reveals over 12.8 million new exposed secrets in GitHub and highlights potential threats in the PyPI repository. While Python developers widely use open-source packages, the report identifies the risks of exposing sensitive credentials. The article emphasizes the importance of proper secrets management and advises adopting automation tools …