Thousands of cloud credentials stolen from exposed Git config files
Date:
Thu, 31 Oct 2024 14:43:00 +0000
Description:
Hackers can earn big bucks with this discovery, or can use the database for spam and phishing.
FULL STORY ======================================================================
Hackers have stolen tens of thousands of cloud account credentials by abusing exposed Git configuration files, experts have claimed.
Git configuration files are where Git saves different preferences and settings, such as names, email, or which files to ignore. They help Git know how to behave for different projects and can be set up globally (for all projects) or just for specific ones. Sometimes, developers will include valuable secrets in private repositories, since it's faster and more convenient. It generally isn't a problem, as long as the repositories are properly secured.
However, when they are exposed on the internet, hackers can find and grab them, a report from cybersecurity researchers Sysdig, who dubbed the operation EmeraldWhale, has revealed.

Active credentials
The threat actors behind EmeraldWhale used multiple scanning tools, such as httpx and Masscan, to scan websites hosted on some 500 million IP addresses. They divided them into 12,000 IP ranges and looked for exposed Git configuration files.
Once found, the files were first downloaded and then scanned a second time for things like passwords. Sysdig says that more than 15,000 cloud account credentials were stolen this way, and later used either in phishing and spam campaigns, or sold directly to other cybercriminals. Apparently, there's plenty of money to be made with this discovery, since just a list of URLs pointing to exposed Git configuration files goes for roughly $100 on Telegram groups.
In total, the stolen archives were 1TB in size, and included 15,000 credentials from 67,000 URLs. Of all of the exposed URLs, 28,000 corresponded to Git repositories, 6,000 to GitHub tokens, and 2,000 were confirmed as active credentials.
Defending against this type of attack isn't difficult: just make sure to use a dedicated secret management tool to store the secrets.
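
To check your own repositories for the kind of secret described above, the following added example (not from the article or from Sysdig) parses the text of a `.git/config` file and reports settings that carry or point to stored credentials, without echoing the secret itself. The sample config and its token are constructed, and the three checks (credentials in a remote URL, the plaintext `store` credential helper, an `Authorization` value in `http.extraheader`) are this example's assumptions about where such secrets usually sit.

```python
import re
from urllib.parse import urlsplit

# Constructed sample of a repository's .git/config; the token is a fake placeholder.
SAMPLE_CONFIG = '''\
[remote "origin"]
    url = https://deploy-bot:ghp_EXAMPLE_NOT_A_REAL_TOKEN@github.com/example/app.git
    fetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
    url = git@github.com:example/app.git
[credential]
    helper = store
[http]
    extraheader = Authorization: Basic ZXhhbXBsZTpleGFtcGxl
'''

SECTION_RE = re.compile(r'^\[\s*([A-Za-z0-9.-]+)(?:\s+"(.*)")?\s*\]$')

def parse_git_config(text):
    """Yield (section, subsection, key, value) for each setting in the file."""
    section = subsection = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":      # skip blanks and comments
            continue
        m = SECTION_RE.match(line)
        if m:
            section, subsection = m.group(1).lower(), m.group(2)
        elif section and "=" in line:
            key, value = line.split("=", 1)
            yield section, subsection, key.strip().lower(), value.strip()

def find_secrets(text):
    """Return (location, reason) findings; secret values are never included."""
    findings = []
    for section, sub, key, value in parse_git_config(text):
        where = f'{section}{"." + sub if sub else ""}.{key}'
        if key in ("url", "pushurl"):
            parts = urlsplit(value)
            # user:password@host, or a bare token in the user part of an HTTP(S) URL
            if parts.password or (parts.username and parts.scheme in ("http", "https")):
                findings.append((where, "credentials embedded in URL"))
        elif section == "credential" and key == "helper" and value.split()[:1] == ["store"]:
            findings.append((where, "plaintext credential store helper"))
        elif key == "extraheader" and "authorization:" in value.lower():
            findings.append((where, "Authorization header stored in config"))
    return findings

if __name__ == "__main__":
    for where, reason in find_secrets(SAMPLE_CONFIG):
        print(f"{where}: {reason}")
```

A `credential.helper = store` finding means the secret sits in a plaintext file on disk (by default `~/.git-credentials`) rather than in the config itself, so that file needs the same review.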
Via BleepingComputer
======================================================================
Link to news story:
https://www.techradar.com/pro/security/thousands-of-cloud-credentials-stolen-from-exposed-git-config-files
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)