- Microsoft IIS Servers Targeted by Lazarus - August 18, 2023
- AI-Powered Hacker Threats - August 18, 2023
- Attacks Against Ukraine and Poland Continue to Use the PicassoLoader Malware - August 18, 2023
The experts discovered many artifacts and container images that had been left unprotected in multiple registries and repositories.
Software registries are used by development teams to store, administer, and disseminate applications, whereas repositories are used for the storage and upkeep of specific software packages. Artifact management solutions assist businesses in managing software project artifacts such as source code, binaries, documentation, and build artifacts.
Companies that employ open source frequently attach their registries and artifact management systems to the web for convenience. However, this has resulted in a spike in cyberattacks on these systems by cybercriminals looking to infiltrate business software development processes.
Aqua Security experts in cybersecurity stated that unprotected software registries and repositories are putting many organizations, including large companies, at risk of data theft and compromise. Hackers implicate malicious code into development environments and gain access to extremely private data, such as passwords and API.
The analysis discovered more than 250 million software artifacts and 65,000 container images on the web, including roughly 3,000 container image registries providing anonymous access. Aqua found sensitive data on 1,400 hosts and private addresses for endpoints on 156 hosts.
“It is critical that organizations of all sizes around the world take the time to review the security of their registries, both public and private,” suggests Assaf Morag, Lead Threat and Data Analyst at Aqua Security.
“Organizations that have code in public registries or that have connected their registries to the Internet and allow anonymous access should ensure that their code and registries do not contain secrets, intellectual property or confidential information,” added Morag.
How to Prevent the Attacks
When companies share their computer programs with others, they should make sure they don’t include any important secrets or private information that should be kept safe.
Sometimes, companies accidentally make it easy for threat actors to steal their secrets by putting them in places where anyone can see them. To prevent this, it’s important to only give access to those who really need it and to adhere to cybersecurity measures to keep everything safe.