BleepingComputer reports that the EmeraldWhale threat operation has exfiltrated more than 15,000 cloud account credentials belonging to private repositories from exposed Git configuration files, which attackers mine for repository paths and authentication details.
EmeraldWhale used the open-source tools ‘httpx’ and ‘Masscan’ to scan websites for exposed /.git/config files and for environment files in Laravel apps, according to a Sysdig report. After the exposed tokens were verified, the private repositories were downloaded and then scanned again for AWS, cloud, and email service authentication secrets, researchers said. The stolen data, which had been exfiltrated to another victim’s S3 bucket, was obtained from 67,000 URLs, more than a third of which were Git repositories, with GitHub accounting for most of the compromised credentials. Attackers also traded lists of exposed Git configuration file URLs on Telegram, researchers added.
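
A defender-side check for the exposure described above, as an added example that is not from BleepingComputer or the Sysdig report: it parses the text of a .git/config file and reports remote URLs or `http.extraheader` settings that embed credentials, with the secret redacted. The sample config, host name, user and token are constructed placeholders, and the function name is hypothetical.

```python
import re
from urllib.parse import urlsplit

# Constructed sample: a .git/config as it might sit in a deployed web root.
# Host, user and token are made-up placeholders, not values from the report.
SAMPLE_CONFIG = """\
[core]
\trepositoryformatversion = 0
[remote "origin"]
\turl = https://deploy-bot:EXAMPLE_TOKEN_0000@git.example.com/acme/app.git
\tfetch = +refs/heads/*:refs/remotes/origin/*
[remote "mirror"]
\turl = git@git.example.com:acme/app.git
[http "https://git.example.com/"]
\textraheader = AUTHORIZATION: basic RVhBTVBMRQ==
"""

SECTION = re.compile(r'^\s*\[\s*([^\]]+?)\s*\]')
OPTION = re.compile(r'^\s*([A-Za-z][\w-]*)\s*=\s*(.*?)\s*$')

def audit_git_config(text):
    """Return (section, key, redacted_value) for each setting that holds a secret."""
    findings, section = [], ""
    for line in text.splitlines():
        if line.lstrip().startswith(("#", ";")):  # git config comment lines
            continue
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            continue
        m = OPTION.match(line)
        if not m:
            continue
        key, value = m.group(1).lower(), m.group(2)
        if key in ("url", "pushurl"):
            parts = urlsplit(value)
            userinfo = parts.netloc.rpartition("@")[0]
            # user:token@host (or token@host) over HTTP(S) ships the secret with the file
            if parts.scheme in ("http", "https") and userinfo:
                findings.append((section, key, value.replace(userinfo + "@", "<redacted>@", 1)))
        elif key == "extraheader" and value.lower().startswith("authorization"):
            findings.append((section, key, "AUTHORIZATION: <redacted>"))
    return findings

if __name__ == "__main__":
    for finding in audit_git_config(SAMPLE_CONFIG):
        print(finding)
```

Any finding means the credential should be rotated and moved out of the repository configuration, and the web server should deny requests for `/.git/` and environment files regardless.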