This week, GitHub began to automatically block commits with secrets, a new infostealer was discovered, and Microsoft introduced new security features in Windows 11. The TOP-3 was collected by Konstantin Krainov, an analyst at the Jet CSIRT information security monitoring and response center at Jet Infosystems.
GitHub now automatically blocks commits with API keys and auth tokens
“To date, GitHub has discovered more than 700,000 secrets in thousands of private repositories using Secret Scan for GitHub Advanced Security. GitHub also scans templates from our partners in all public repositories (for free),” GitHub noted. A new feature known as push protection must be manually enabled in the repository or organization settings.
Phishing alerts on voice messages WhatsApp distributes stealer
Armorblox has warned of a new phishing campaign in which attackers spoof WhatsApp’s voice messaging feature in order to distribute data stealing software. The infostealer was sent to at least 27,655 email addresses.
Microsoft introduces new security features in Windows 11
New features include the Microsoft Pluton chip, app security from Smart App Control, improved phishing detection with Microsoft Defender SmartScreen, and protecting users from themselves with Settings Lock. The focus is on protecting hybrid operation and zero-trust security from chip to cloud.