UNIwise

View Original

UNIwise partners with GitHub to help customers protect against data breaches

UNIwise has add a new partner in our continuous ambition to improve security for WISEflow and our customers. We have partnered with GitHub, an Internet hosting service for software development and version control, to help protect users and prevent data leaks and fraud.  

We use GitHub for our code repository. Some of our customers integrate WISEflow into their platforms using APIs, and to do so, they need to have authorisation to log in. Our new partnership with GitHub scans for these API keys – our credentials – to see if they’re being used for other purposes. If a WISEflow API key is found in public code repositories, GitHub will forward it to UNIwise, and we will then immediately disable the key and contact the customer.  

This will help secure mutual users of both WISEflow and GitHub on private and public repositories. It also ensures our customers and their data are protected.  

The main goal for an attacker would be to use API keys to gain access to our system, and from there, try to leverage their permissions to get root access. This is also known as a supply chain attack, which is a cyber-attack that aims to damage a company by targeting less secure elements in the supply chain.  

A familiar example of this kind of attack may be the 2020 United States federal government data breach, orchestrated by a group backed by the Russian government. The attackers used credentials from a number of companies, notably Microsoft and SolarWinds, a major US information technology firm. Hacked code was pushed to customers’ computers through software updates and then used as a backdoor into their systems in order to spy on their operations and install further spyware. The hack was estimated to cost American businesses and government agencies upwards of $100 billion 

In the case of WISEflow and GitHub, scanning for API keys stops attackers in their tracks. Working with GitHub further bolsters our data security, which is at the core of what we do, and protects our customers’ data.  

Beside our partnership with GitHub, UNIwise has other security partners that help us in review and improve security in the internal setup of WISEflow.