Skip to main content
  1. Home
  2. Computing
  3. News

Hackers could use this nasty bug to expose government websites

Add as a preferred source on Google

Approximately 332,000 websites were exposed to bad actors as a result of a vulnerability in the open-source development tool Git, according to cybersecurity researchers from Defense.com.

As reported by TechRadar, among those websites, 2,500 are associated with .gov domain in different countries, leaving various organizations at risk of online attacks and nefarious use of data.

A digital encrypted lock with data multilayers.
Digital encrypted Lock with data multilayers. Getty Images

Researchers claim that the vulnerability has come about not so much due to an issue with Git, but due to users’ not protecting their files with proper antivirus protocols. Due to the nature of open-source tools being the most basic code of any program, they can easily be tampered with if not safeguarded. In this case, hackers can get access to folders and download data from government agencies.

Recommended Videos

“Open-source technology always has the potential for security flaws, being rooted in publicly accessible code. However, this level of vulnerability is not acceptable,” Oliver Pinson-Roxburgh, CEO of Defense.com, told TechRadar.

He added that the U.K. government was among the organizations with its domains exposed that should “monitor their systems and take immediate steps to remediate risk.”

Defense.com researchers further explained that a single file within a folder can contain the data of a full codebase history, including “previous code changes, comments, security keys, as well as sensitive remote paths containing secrets and files with plain-text passwords.” Typically, users with such access might be those with credentials to fix issues rather than exploit them. Certain folders do hold login credentials and API keys, which can give unfriendly users access to even more sensitive information.

Pinson-Roxburgh noted that some organizations might leave certain folders open for their own specific purposes; however, there are still many others that might unknowingly be under threat of a data breach.

Git serves a very popular user base of over 80 million active users. It can be a reminder for organizations to update antivirus protocol, especially when it comes to open-source programs.

Recently, the cybersecurity firm Buguard reported on the brand Wiseasy, which is well-known in the Asia-Pacific region for its Android-based payment system. Its accompanying Wisecloud cloud service was hacked through employees’ computer passwords being stolen by malware and ending up on the dark web marketplace. This allowed bad players to infiltrate the brand’s database and gain access to 140,000 payment terminals globally.

Notably, the popular payment system brand lacked commonly recommended security features, such as two-factor authentication. Android is also well-known for being open source at its core.

Fionna Agomuoh
Fionna Agomuoh is a Computing Writer at Digital Trends. She covers a range of topics in the computing space, including…
Intel may bring back older desktop CPUs because DDR5 is getting too expensive
Older Intel Core CPUs from 10th to 14th Gen may get a second life
Intel Core i5-12400F box sitting in front of a gaming PC.

Intel may be preparing an unusual response to the ongoing memory crunch. According to Chinese outlet ITHome, citing ChannelGate, the company’s latest production plan includes restarting production of 13th-gen and 14th-gen Core processors.

The move is expected to increase supply across Intel’s 10th, 12th, 13th, and 14th Gen CPU families, especially in mainland China. For DIY PC builders, the timing is important. DDR5 memory prices have climbed sharply, making newer platforms harder to justify for anyone trying to build an affordable gaming PC.

Read more
Amazon wants to design in-house chips for Kindles, Fire TV, and Echo speakers
Apple did it first. Amazon is doing it now, starting with 40 million chips a year and a partner most people have never heard of.
Amazon Kindle Scribe dark mode featured image.

Apple's decision to design its own chips reshaped the consumer electronics industry. Amazon may be about to make the same call, just about two decades later.

Supply chain analyst Ming-Chi Kuo reports that Amazon is preparing to shift away from externally sourced processors for its consumer electronics lineup, marking what he describes as the company's first major processor procurement change in 20 years. The transition is expected to begin in 2027.

Read more
AI wants to summarize it all. TripAdvisor’s misleading reviews show AI will also ruin your travel plans
Spotless, friendly, and totally wrong. AI summaries are hiding the reviews that actually matter.
Tripadvisor logo on MacBook

Planning a trip is stressful enough without wondering if the glowing hotel summary you just read was written by an AI that skipped the scary parts. As it turns out, that might be exactly what's happening on TripAdvisor.

According to an investigation by consumer group Which?, reported by the Guardian, TripAdvisor's AI-generated review summaries are smoothing over serious guest complaints, and in some cases, downright dangerous ones.

Read more