ZDNet reports that GitHub will require code developers to enable two or more forms of two-factor authentication by the end of next year as the Microsoft-owned code repository seeks to strengthen its security measures.
The recent proliferation of malicious packages in GitHub's npm registry has prompted the new security requirement. However, organizations have been given a 2023 deadline to be able to "optimize" the domain prior to the rules' implementation.
"Developers everywhere can expect more options for secure authentication and account recovery, along with improvements that help prevent and recover from account compromise," said GitHub Chief Security Officer Mike Hanley.
The development comes after GitHub introduced new scanning functionality last month to prevent accidental secret exposure. "While we are investing deeply across our platform and the broader industry to improve the overall security of the software supply chain, the value of that investment is fundamentally limited if we do not address the ongoing risk of account compromise. Our response to this challenge continues today with our commitment to drive improved supply chain security through safe practices for individual developers," Hanley added.