Open source bug leaves hundreds of thousands of sites open to attack

Hundreds of thousands of websites, including thousands using the .gov domain, are at risk of data loss , experts have warned. Cybersecurit...

Hundreds of thousands of websites, including thousands using the .gov domain, are at risk of data loss, experts have warned.

Cybersecurity researchers from Defense.com have discovered a vulnerability in the open source development tool Git which, if not addressed, allows threat actors the keys to the kingdom.

Apparently, there is a number of .git folders that need to be hidden, but in many cases, are not. While a serious flaw, it’s not directly Git’s fault, the researchers are saying, but rather Git users failing to follow best practice. With the help of a specially crafted Google dork, a threat actor would be able to find these folders, and download their contents. 

Eliminating risk

The files contained within these folders usually hold entire codebase history, previous code changes, comments, security keys, as well as sensitive remote paths containing secrets and files with plain-text passwords. Besides the obvious threat of exposing passwords and sensitive data, there’s also a hidden threat - hackers could review the code and find additional flaws which they probably won’t be fixing but instead - abusing. What’s more, these folders could contain database credentials and API keys, further giving threat actors access to sensitive user data. 

In total, Defense.com says, 332,000 websites were found as potentially vulnerable, including 2,500 residing on the .gov domain. 

Open source technology always has the potential for security flaws, being rooted in publicly accessible code. However, this level of vulnerability is not acceptable,” commented Oliver Pinson-Roxburgh, CEO of Defense.com. “Organizations, including the UK government, must ensure they monitor their systems and take immediate steps to remediate risk.”

Git is a hugely popular open-source version control system, counting more than 80 million active users, Pinson-Roxburgh adds, saying this type of vulnerability, on such a popular platform, can have “serious consequences” for affected firms. 

“Whilst it is true that some folders would have been purposefully left accessible, the vast majority will be unaware of the threat they are facing,” he concluded. 



from TechRadar - All the latest technology news https://ift.tt/h8aW7we
via IFTTT

COMMENTS

BLOGGER
Name

Apps,3857,Business,150,Camera,1155,Earn $$$,2,Gadgets,1740,Games,926,GTA,1,Innovations,2,Mobile,1696,Paid Promotions,4,Promotions,4,Sports,1,Technology,7964,Trailers,796,Travel,37,Trending,3,Trendly News,24435,TrendlyNews,1,Video,5,XIAOMI,13,YouTube - 9to5Google,1,
ltr
item
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews: Open source bug leaves hundreds of thousands of sites open to attack
Open source bug leaves hundreds of thousands of sites open to attack
Trendly News | #ListenNow #Everyday #100ShortNews #TopTrendings #PopularNews #Reviews #TrendlyNews
http://www.trendlynews.in/2022/08/open-source-bug-leaves-hundreds-of.html
http://www.trendlynews.in/
http://www.trendlynews.in/
http://www.trendlynews.in/2022/08/open-source-bug-leaves-hundreds-of.html
true
3372890392287038985
UTF-8
Loaded All Posts Not found any posts VIEW ALL Readmore Reply Cancel reply Delete By Home PAGES POSTS View All RECOMMENDED FOR YOU LABEL ARCHIVE SEARCH ALL POSTS Not found any post match with your request Back Home Sunday Monday Tuesday Wednesday Thursday Friday Saturday Sun Mon Tue Wed Thu Fri Sat January February March April May June July August September October November December Jan Feb Mar Apr May Jun Jul Aug Sep Oct Nov Dec just now 1 minute ago $$1$$ minutes ago 1 hour ago $$1$$ hours ago Yesterday $$1$$ days ago $$1$$ weeks ago more than 5 weeks ago Followers Follow THIS PREMIUM CONTENT IS LOCKED STEP 1: Share. STEP 2: Click the link you shared to unlock Copy All Code Select All Code All codes were copied to your clipboard Can not copy the codes / texts, please press [CTRL]+[C] (or CMD+C with Mac) to copy