Researchers have found thousands of publicly exposed and misconfigured container registries and artifact repositories belonging to businesses. These registries could expose access tokens, encryption keys, and other sensitive information about internal systems to attackers. This information can allow attackers to plan and execute attacks against production and development systems, and in some cases even inject malicious code into repositories.
“In many cases artifact management systems and container registries are connected to the internet deliberately and by design allowing anonymous users to connect to various areas in the registry or even to the entire registry,” researchers from cloud security firm Aqua Security said in a report. “This design allows global teams, customers, and other stakeholders access to open-source software that is shared across the company or with outside users. In some cases, however, restricted environments are accidentally shared with anonymous users; in other cases teams accidentally publish sensitive information to public areas.”