Skip to main content

Hackers could use this nasty bug to expose government websites

Approximately 332,000 websites were exposed to bad actors as a result of a vulnerability in the open-source development tool Git, according to cybersecurity researchers from Defense.com.

As reported by TechRadar, among those websites, 2,500 are associated with .gov domain in different countries, leaving various organizations at risk of online attacks and nefarious use of data.

A digital encrypted lock with data multilayers.
Digital encrypted Lock with data multilayers. Getty Images

Researchers claim that the vulnerability has come about not so much due to an issue with Git, but due to users’ not protecting their files with proper antivirus protocols. Due to the nature of open-source tools being the most basic code of any program, they can easily be tampered with if not safeguarded. In this case, hackers can get access to folders and download data from government agencies.

Recommended Videos

“Open-source technology always has the potential for security flaws, being rooted in publicly accessible code. However, this level of vulnerability is not acceptable,” Oliver Pinson-Roxburgh, CEO of Defense.com, told TechRadar.

He added that the U.K. government was among the organizations with its domains exposed that should “monitor their systems and take immediate steps to remediate risk.”

Defense.com researchers further explained that a single file within a folder can contain the data of a full codebase history, including “previous code changes, comments, security keys, as well as sensitive remote paths containing secrets and files with plain-text passwords.” Typically, users with such access might be those with credentials to fix issues rather than exploit them. Certain folders do hold login credentials and API keys, which can give unfriendly users access to even more sensitive information.

Pinson-Roxburgh noted that some organizations might leave certain folders open for their own specific purposes; however, there are still many others that might unknowingly be under threat of a data breach.

Git serves a very popular user base of over 80 million active users. It can be a reminder for organizations to update antivirus protocol, especially when it comes to open-source programs.

Recently, the cybersecurity firm Buguard reported on the brand Wiseasy, which is well-known in the Asia-Pacific region for its Android-based payment system. Its accompanying Wisecloud cloud service was hacked through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace. This allowed bad players to infiltrate the brand’s database and gain access to 140,000 payment terminals globally.

Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication. Android is also well-known for being open source at its core.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
This major Apple bug could let hackers steal your photos and wipe your device
A physical lock placed on a keyboard to represent a locked keyboard.

Apple’s macOS and iOS are often considered to be more secure than their rivals, but that doesn’t make them invulnerable. One security team recently proved that by showing how hackers could exploit Apple’s systems to access your messages, location data, and photos -- and even wipe your device entirely.

The discoveries were published on the blog of security research firm Trellix, and will be of major concern to iOS and macOS users alike, since the vulnerabilities can be exploited on both operating systems. Trellix explains that Apple patched the exploits in macOS 13.2 and iOS 16.3, which were released in January 2023, so you should update your devices as soon as you can.

Read more
Hackers used 30,000 computers for record-breaking DDoS attack
An illustration of a grid of devices with one in red, infected device highlighted.

Hackers launched a record-breaking distributed denial of service (DDoS) attack over the weekend, employing a network of botnets to make requests from over 30,000 IP addresses.

While that isn't a big network of computers, the onslaught was able to exceed 71 million requests per second (rps), surpassing the previous record of 46 million rps set in June 2022 by 35%. This is what's known as a volumetric attack that consumes the target website's bandwidth by sending large amounts of data from multiple sources at once.

Read more
Hackers stole $1.5 million using credit card data bought on the dark web
A credit card is passed from one person to another.

In what sounds like a movie script, over $1 million was stolen by a group that made use of thousands of credit cards posted for sale on the dark web. Some of the details of this complex cybercrime operation have come to light following an indictment by the U.S. Department of Justice.

In the United States v. Trevor Osagie, the defendant has pled guilty to conspiracy to commit credit card fraud from 2015 to 2018. Osagie worked with a network of thieves and managed to rack up over $1.5 million in damages.

Read more