By TechThop Team
Posted on: 18 Aug, 2022
The open-source development tool Git is vulnerable to bad actors, leading to the compromise of about 332,000 websites. The website collection includes 2,500 .gov domains, which puts many organizations at risk of online attacks and nefarious use of data, according to TechRadar.
The vulnerability is not so much due to Git itself, but rather to users failing to use antivirus protocols to protect their files. In the absence of safeguards, open-source tools can easily be tampered with because they are the most basic code in any program. Hackers can access folders and download data from government agencies in this case.
'It is always possible for open-source technology to have security flaws since its source code is publicly accessible. In any case, this level of vulnerability is not acceptable,' Oliver Pinson-Roxburgh, CEO of Defense.com, told TechRadar.
In addition, the British government had its domain exposed, and it was advised to 'monitor its systems and take immediate remedial steps.'
Employee computer passwords were stolen by malware and sold on the dark web, then used to hack Wiseasy's Wisecloud cloud service. 140,000 payment terminals around the world were compromised as a result of the infiltration of the brand's database by bad actors.
The researchers at Defense.com explained that one file in a folder can contain a complete history of a codebase, including 'previous code changes, comments, security keys, as well as sensitive remote paths with secrets and plain-text passwords.'
Certain organizations can leave certain folders open for their specific purposes; however, many others might unknowingly be at risk of a data breach.
Such access is usually granted to those with credentials to fix problems rather than exploit them. The contents of certain folders can include login credentials and API keys, giving unfriendly users access to even more sensitive information.
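Git keeps a repository's history and settings in its `.git` directory, so a team can audit its own deployments for copies that were shipped along with the site. The script below is an added example, not code from Defense.com or the original article: it walks a local web root, lists every `.git` directory under it, and flags remotes in `.git/config` whose URL carries embedded credentials. The function names, directory layout and sample values are constructed for illustration.

```python
import os
import re
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

def find_git_dirs(web_root):
    """Return every .git directory found under a deployed web root."""
    hits = []
    for dirpath, dirnames, _ in os.walk(web_root):
        if ".git" in dirnames:
            hits.append(os.path.join(dirpath, ".git"))
            dirnames.remove(".git")  # do not descend into the repository data
    return sorted(hits)

def remotes_with_credentials(git_dir):
    """Return the remotes in .git/config whose URL has a user:secret pair."""
    flagged, remote = [], None
    cfg = Path(git_dir, "config")
    text = cfg.read_text(encoding="utf-8", errors="replace") if cfg.is_file() else ""
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            match = re.match(r'\[remote\s+"([^"]+)"\]', line)
            remote = match.group(1) if match else None
        elif remote:
            key, _, value = line.partition("=")
            if key.strip().lower() == "url" and urlsplit(value.strip()).password:
                flagged.append(remote)
    return flagged

def audit(web_root):
    """Map each deployed .git directory (relative path) to its leaking remotes."""
    return {os.path.relpath(g, web_root): remotes_with_credentials(g)
            for g in find_git_dirs(web_root)}

def build_sample(root):
    """Constructed sample: two deployed sites, one with a token in its remote URL."""
    template = '[core]\n\tbare = false\n[remote "origin"]\n\turl = {}\n'
    urls = {"shop": "https://deploy:CONSTRUCTED-TOKEN@git.example.invalid/shop.git",
            "blog": "git@git.example.invalid:team/blog.git"}
    for site, url in urls.items():
        git_dir = Path(root, site, ".git")
        git_dir.mkdir(parents=True)
        (git_dir / "config").write_text(template.format(url), encoding="utf-8")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample(tmp)
        print(audit(tmp))
```

Any path the audit reports should be removed from the deployed tree or blocked at the web server, and any credential it flags should be rotated.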
The Git software is very popular, with over 80 million active users. The incident may serve as a reminder for organizations to update their antivirus protocols, especially regarding open-source programs.
The cybersecurity firm Buguard recently reported on Wiseasy, a popular Android-based payment system in the Asia-Pacific region.
The popular payment system brand lacked two-factor authentication, one of the most common security features. It is also well known that Android is a free and open-source operating system.