2,500 of those websites, according to TechRadar, are linked to .gov domains in various nations, putting diverse businesses in danger of cyberattacks and malicious data usage.
Researchers assert that users’ failure to apply suitable antivirus methods to secure their data is more to blame for the vulnerability than a problem with Git. Open-source tools have the simplest code of any software; thus, if they’re not protected, they may be altered. In this scenario, hackers might access files and extract information from government organizations.
“Because open-source software is built on publicly available code, security issues are always possible. However, this vulnerability is intolerable,” Defense.com CEO Oliver Pinson-Roxburgh told TechRadar.
The U.K. government, he continued, was one of the entities whose domains had been exposed, and they needed to “watch their systems and take urgent action to remediate risk.”
Researchers from Defense.com said that a single file within a folder may have all of a codebase’s historical information, including “past code modifications, comments, security keys, as well as sensitive remote routes holding secrets and files with plain-text passwords.” Certain folders include API keys and login information, which might provide unauthorized individuals access to even more sensitive data. Users with this kind of access frequently possess the credentials to resolve problems rather than take advantage of them.
For their own unique goals, some firms could keep certain files open, but many others could unintentionally be at risk of a data breach, according to Pinson-Roxburgh.
Over 80 million active users make up Git’s large user base. It may serve as a timely reminder for businesses to upgrade their antivirus protocols, particularly when it comes to open-source software.
The brand Wiseeasy, which is well-known in Asia-Pacific for its Android-based payment system, was recently covered by the cybersecurity company Buguard. Its companion Wisecloud cloud service was compromised due to malware stealing staff computer credentials and selling them on the dark web. This gave malicious users access to the brand’s database and 140,000 payment terminals worldwide.
The well-known payment system brand lacked widely advised security precautions, including two-factor authentication. Another well-known aspect of Android is that its foundation is free source.
This isn’t the first time government official websites have been comprised. Just this July of 2022, the Iranian Islamic Culture and Communication Organization was attacked by hackers (ICCO). The assault erased databases and computers, brought down at least six websites, posted pictures of Iranian opposition leaders on fifteen other domains and gave hackers access to private ICCO information.
The interior and defense ministries of Belgium were also among the targets of a cyber espionage effort by China, according to Belgium’s foreign ministry. Another hacker in China advertised data online on the pretense of having obtained data of 1 billion Chinese people from a Shanghai police database.