SIMonline

Service receive & sending SMS

Hundreds of Git Vaults Have Been Hacked

394   |     /   Security

Hundreds of Git Vaults Have Been Hacked
Cybercriminals erase the repositories of GitHub, GitLab and Bitbucket and ask their owners to pay a ransom for data recovery. Vulnerable Git service providers believe that cybercriminals used compromised credentials to access their accounts.



You need to receive SMS messages to someone else's phone number, you will be helped by the purchase of virtual numbers, the most affordable rental prices.

Developers began reporting that their Git repositories had been deleted and that they had been provided with a ransom note requiring 0.1 bitcoin to recover data.

“To recover a lost code and avoid its leakage: send us 0.1 Bitcoin (BTC) to our bitcoin address 1ES14c7qLb5CYhLMUekctxLgc1FV2Ti9DA and contact us by email at admin (at) gitsbackup.com, indicating your Git login and payment confirmation. If you are not sure that we have your data, contact us and we will send you a confirmation. Your code is uploaded and backed up on our servers. If we do not receive your payment within the next 10 days, we will make your code publicly available or use it differently, ”the ransom note says.

The attack was aimed at users of GitHub, GitLab and Bitbucket, and there seem to be hundreds of victims. However, the Bitcoin address from the ransom note indicates that none of them paid the ransom.

GitLab, GitHub, and Bitbucket investigated these incidents, and they all believe that attacks include hacked credentials. Service providers work with affected customers to help them restore their repositories.

It appears that the attackers - at least in some cases - obtained credentials for compromised accounts from .git / config files. Bad Packets has confirmed that attackers scanned the Internet for open Git credentials.

“We identified the affected user accounts, and all these users were notified. As a result of our research, we have convincing evidence that compromised accounts have account passwords that are stored in clear text when the corresponding repository is deployed, ”said Katy Wang, GitLab Security Director. “We strongly recommend that you use password management tools to store passwords more securely and enable two-factor authentication wherever possible, and both of them would prevent this problem.”


Similar news


AdBlock Vulnerability Endangers Users

People use ad blockers for a number of reasons. Some block ads because of annoyance or frustration. Others do this to protect their privacy or to keep malicious ads out of the way. Millions did not know that their desire to block content opened the door to cyber attacks.

DoS attack on PLC can disrupt physical processes

The research team has demonstrated an interesting type of denial of service (DoS) attack on programmable logic controllers (PLCs), where network overflows can disrupt the physical process controlled by the device.

New Edge Web Browser for Test Drive

Last December, Microsoft made an amazing discovery. The company was rebuilding its application to improve web browsing in Windows 10 - Edge - from scratch. Surprise turned to distrust when Microsoft announced that the new Edge would be built using the same code as Google Chrome.



SIMONLINE.SU

This is not only a service for receiving and sending SMS messages to virtual numbers, but also a tutorial on user safety in the modern world, the latest developments in IT, social media security, fresh programs and lessons that simplify our lives. So are other issues encountered by the average user. In simple words, each user will find for themselves something interesting or answers to their questions.

SIMonline © 2018 - 2020

All rights reserved