Scotiabank source code, credentials found open on GitHub: news report
Thursday, September 19, 2019
Scotiabank is not only a user of GitHub, it’s also a contributor to the ecosystem. Last year the bank announced its first open source contribution to the GitHub community so developers can use it for their applications.
Ilia Kolochenko, founder and CEO of web security company ImmuniWeb, noted that public code repositories and various code and data sharing projects can greatly facilitate DevSecOps and accelerate agile software development. However, he added, they likewise bring a wide spectrum of critical business risks of inadvertent or careless data leaks, exacerbated by third-party developers with insufficient security training.
“Some developers recklessly share passwords from production systems on Pastebin, thereby opening doors to their digital realms without thinking about the consequences. Cybercriminals are well aware of the situation and are continuously crawling publicly accessible data sources to get sensitive source code, hard-coded credentials and API keys. Worse, they often succeed and their intrusions frequently remain undetected as virtually no abnormal activities happen.
“Large companies need to thoughtfully design a secure software development policy, and properly enforce and monitor it. Regular security training for developers should be an essential part of the policy. Special attention must be given when developers are outsourced to third parties unfamiliar with security procedures and best practices.”