1. Forum
  2. tqwNet
  3. TQW_GENTECH

  • Open source bug leaves hundreds of thousands of sites open to att

    From TechnologyDaily@1337:1/100 to All on Wed Aug 17 18:45:03 2022
    Open source bug leaves hundreds of thousands of sites open to attack

    Date:
    Wed, 17 Aug 2022 17:30:57 +0000

    Description:
    Git users are exposing sensitive data through hidden folders that can be
    found online.

    FULL STORY ======================================================================

    Hundreds of thousands of websites, including thousands using the .gov domain, are at risk of data loss , experts have warned.

    Cybersecurity researchers from Defense.com have discovered a vulnerability in the open source development tool Git which, if not addressed, allows threat actors the keys to the kingdom.

    Apparently, there is a number of .git folders that need to be hidden, but in many cases, are not. While a serious flaw, its not directly Gits fault, the researchers are saying, but rather Git users failing to follow best practice. With the help of a specially crafted Google dork, a threat actor would be
    able to find these folders, and download their contents. Eliminating risk

    The files contained within these folders usually hold entire codebase
    history, previous code changes, comments, security keys, as well as sensitive remote paths containing secrets and files with plain-text passwords. Besides the obvious threat of exposing passwords and sensitive data, theres also a hidden threat - hackers could review the code and find additional flaws which they probably wont be fixing but instead - abusing. Whats more, these folders could contain database credentials and API keys, further giving threat actors access to sensitive user data.

    In total, Defense.com says, 332,000 websites were found as potentially vulnerable, including 2,500 residing on the .gov domain.

    Open source technology always has the potential for security flaws, being rooted in publicly accessible code. However, this level of vulnerability is not acceptable, commented Oliver Pinson-Roxburgh, CEO of Defense.com. Organizations, including the UK government, must ensure they monitor their systems and take immediate steps to remediate risk. Read more

    Be warned, GitHub users: Hackers flood platform with malicious clones


    A mystery hacker is smuggling data out of private code repositories,
    GitHub warns


    Keep your business safe with the best endpoint protection

    Git is a hugely popular open-source version control system, counting more
    than 80 million active users, Pinson-Roxburgh adds, saying this type of vulnerability, on such a popular platform, can have serious consequences for affected firms.

    Whilst it is true that some folders would have been purposefully left accessible, the vast majority will be unaware of the threat they are facing, he concluded. These are the best antivirus solutions right now



    ======================================================================
    Link to news story: https://www.techradar.com/news/open-source-bug-leaves-hundreds-of-thousands-of -sites-open-to-attack/


    --- Mystic BBS v1.12 A47 (Linux/64)
    * Origin: tqwNet Technology News (1337:1/100)