Monday, April 19, 2021
Home Lead Story FBI: Hackers Stole Source Code From Government Agencies And Private Firms

FBI: Hackers Stole Source Code From Government Agencies And Private Firms

This activity is similar to the previous data leak in July 2020

The US Federal Bureau of Investigation (FBI) has issued a security alert saying threat actors have stolen source code from government agencies and private firms and are abusing it to gain access to critical information.

The FBI alert warned the owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling outcode and applications into production environments.

The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.

Follow NewsGram on Instagram to keep yourself updated.
“SonarQube apps are installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems,” reports ZDNet. According to the FBI, some companies have left these systems unprotected, running on their default configuration with default admin credentials.

Source code
Hackers are abusing it to gain access to critical information. Pixabay

“In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks,” the FBI said in the alert.

This activity is similar toa previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.

The FBI suggested the firms change the SonarQube default settings, including changing the default administrator username, password, and port (9000).

“Place SonarQube instances behind a login screen, and check if unauthorized users have accessed the instance and revoke access to any application programming interface keys or other credentials that were exposed in a SonarQube instance, if feasible,” the agency suggested. (IANS)

STAY CONNECTED

19,517FansLike
362FollowersFollow
1,773FollowersFollow

Most Popular

Can Ayurveda Be Tapped To Fight Covid-19 virus? : Study

Even though Covid-19 vaccination is in full swing, the pandemic continues to affect a huge population, severely affecting the country's economic and social fabric....

What Is The Significance Of World Heritage Day 2021?

April 18 is observed as World Heritage Day or the International Day for Monuments and Sites. Proposed by the International Council on Monuments and...

New Self Cleaning Material To Aid Reuse Of Face Masks, PPE

Researchers at the Indian Institute of Technology Mandi have developed a novel virus-filtering, self-cleaning and antibacterial material that can be used to make and...

Regardless Of Ethnic Influences, Jewish Food Adheres To A Strict Dietary Code

When a community decreases in numbers, its traditional food becomes a memory and it is to ensure that this memory prevails that award-winning author...

Is Congress Willing To Open Its Doors For Cherian Phillip?

At one point of time in Kerala in the late eighties and nineties and till he left the Congress in a huff in 2001,...

In The Last 12 Months, 1 In Every 2 Indian Adults Was A Victim Of Cybercrime

More than one in two Indian adults (59 percent) experienced cybercrime in the last 12 months, as seven in 10 Indian adults (among those...

Here Are Some Ideas To Make Your Flooring Look More Appealing

Before finalizing the design of the flooring of your home, keep in mind some aspects such as textures, material, and finish. Decorating the floors...

Twelve Of Europe’s Top Football Clubs Formed A New Breakaway Super League

Twelve of Europe's top football clubs launched a breakaway Super League on Sunday, launching what is certain to be a bitter battle for control...

Recent Comments