Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses. These exposures could give attackers access tokens, encryption keys, and other sensitive information about internal systems. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject malicious code into repositories.
“In many cases artifact management systems and container registries are connected to the internet deliberately and by design allowing anonymous users to connect to various areas in the registry or even to the entire registry,” researchers from cloud security firm Aqua Security said in a report. “This design allows global teams, customers, and other stakeholders access to open-source software that is shared across the company or with outside users. In some cases, however, restricted environments are accidentally shared with anonymous users; in other cases teams accidentally publish sensitive information to public areas.”