Security through data

MAIN

  • Home
  • Alerts
  • Blog
  • Events
  • Incidents
  • Tutorials

FEATURED

  • AI
  • Privacy
  • Cryptocurrency
  • Blockchain
  • IoT
  • Deep Web
  • Threat Actors
  • Social Engineering
  • Phishing
  • Malware
  • E-Commerce
  • Deepfake
  • Quantum Computing

COMPANY

  • About us
  • Advertise
  • Legal & Policy
Cybermaterial
  • CATEGORIES
    • Cyber101
      • Definition
      • Quote
    • Document
      • Cheat Sheet
      • Paper
      • Report
    • Education
      • Certification
      • Course
    • Entertainment
      • Documentary
      • Game
      • Meme
      • Movie
      • TV Show
    • Learning
      • Book
      • Lexicon
      • Podcasts
      • Tutorials
    • Tool
      • Hardware
      • Software
No Result
View All Result
Contact Us
Cybermaterial
  • CATEGORIES
    • Cyber101
      • Definition
      • Quote
    • Document
      • Cheat Sheet
      • Paper
      • Report
    • Education
      • Certification
      • Course
    • Entertainment
      • Documentary
      • Game
      • Meme
      • Movie
      • TV Show
    • Learning
      • Book
      • Lexicon
      • Podcasts
      • Tutorials
    • Tool
      • Hardware
      • Software
No Result
View All Result
Contact Us
Cybermaterial
No Result
View All Result

Cyber Actors Target Misconfigured SonarQube Instances to Access Proprietary Source Code of US Government Agencies and Businesses

by FBI

in Alerts
1 min read
November 9, 2020
Alert Number
MU-000136-MW

Cyber Actors Target Misconfigured SonarQube Instances to Access Proprietary Source Code of US Government Agencies and Businesses.

 

Since April 2020, unidentified cyber actors have actively targeted vulnerable SonarQube instances to access source code repositories of US government agencies and private businesses. The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it, and post the data publicly. The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.

Technical Details Beginning in April 2020, the FBI observed source code leaks associated with insecure SonarQube instances from US government agencies and private US companies in the technology, finance, retail, food, eCommerce, and manufacturing sectors. SonarQube is an open-source automatic code review tool that detects bugs and security vulnerabilities in source code. In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations’ networks. This activity is similar to a previous data leak in July 2020, in which an identified cyber actor exfiltrated proprietary source code from enterprises through poorly secured SonarQube instances and published the exfiltrated source code on a self-hosted public repository.

READ MORE

Tags: AlertCybersecurityDepartment of defenseDOFProposalRequestSonarQube
29
VIEWS

More Alerts

CISA and CNMF Analysis of SolarWinds-related Malware
Alerts

CISA and CNMF Analysis of SolarWinds-related Malware

April 22, 2021
Google Releases Security Updates for Chrome
Alerts

Google Releases Security Updates for Chrome

April 22, 2021
Juniper Networks Releases Security Updates
Alerts

Juniper Networks Releases Security Updates

April 22, 2021

MORE

APIs

Google Maps Places REST API

October 5, 2020
Podcasts

Data Driven Security Podcast

September 27, 2020
Definition

Stealth viruses

January 16, 2021
Definition

Generative Adversarial Networks (GAN)

December 5, 2020
ADVERTISEMENT

Tags

Books Cybersecurity Hackers Malware Memes Movies Quantum Computing Report Software Word of the day

© 2021 | CyberMaterial | All rights reserved.

SECURITY THROUGH DATA

No Result
View All Result
  • Home
  • Alerts
  • Cyber Incidents
  • Blog
  • Events
  • Tutorials
  • Featured
    • AI
    • Privacy
    • Cryptocurrency
    • Blockchain
    • IoT
    • Deep Web
    • Threat Actors
    • Social Engineering
    • Deepfake
    • E-Commerce
    • Malware
    • Phishing
    • Quantum Computing

© 2020 CyberMaterial - Cyber Decoded.

This website uses cookies. By continuing to use this website you are giving consent to cookies being used. Visit our Privacy and Cookie Policy.