GitHub — a Dangerous Platform if your house isn’t in order
Every year, hacker summer camp (aka DEFCON, Black Hat, BSides) arrives in a flurry of anticipation, presentations, and great ideas that often take reflection to determine how best to implement in our daily lives. Each year, in addition to new skills and information, we look for themes that may come to dominate the security world over the coming years. This year, DayBlink Consulting Cybersecurity Practice Lead Michael Morgenstern attended four BSides talks this year and a repeat at DEFCON on abusing GitHub — indicating that GitHub may be looming as a larger target than many other platforms. Last November, DropBox had 130 repos compromised, and in January GitHub itself reported that hackers stole some code-signing certs. Several years ago, exposed and vulnerable S3 buckets was a theme — replete with many large newsworthy breaches.
Read more about these threats and what organizations can do here: Michael Morgenstern on Medium.
About the Authors
Michael Morgenstern is a Partner and Practice Lead of DayBlink Consulting’s Cybersecurity Group.