
Mercedes-Benz Accidentally Leaked Private Data, Including Source Code

Mercedes-Benz unintentionally leaked a trove of internal data by leaving an obscure key online that gave "unrestricted access" to the company's source code, according to the security research team that unearthed it. 

TechCrunch was notified of the exposure by RedHunt Labs' co-founder and chief technology officer Shubham Mittal, who also requested help in notifying the automaker. The London-based cybersecurity firm claimed that during a standard internet scan in January, it found the authentication token of a Mercedes employee in a public GitHub project.

According to Mittal, this token, which substitutes for a password when authenticating to GitHub, could give anyone complete access to Mercedes's GitHub Enterprise Server, allowing them to acquire the company's proprietary source code repositories.

“The GitHub token gave ‘unrestricted’ and ‘unmonitored’ access to the entire source code hosted at the internal GitHub Enterprise Server,” Mittal explained. “The repositories include a large amount of intellectual property… connection strings, cloud access keys, blueprints, design documents, [single sign-on] passwords, API Keys, and other critical internal information.”

Mittal provided TechCrunch with evidence that Mercedes source code, a Postgres database, and keys for Microsoft Azure and Amazon Web Services (AWS) were all present in the exposed repository. Whether any customer data was present in the repositories is unknown.

Mercedes was informed of the security flaw by TechCrunch on Monday of last week. Mercedes official Katja Liesenfeld stated on Wednesday that the company has revoked the respective API token and removed the public repository immediately. 

“We can confirm that internal source code was published on a public GitHub repository by human error. The security of our organisation, products, and services is one of our top priorities. We will continue to analyse this case according to our normal processes. Depending on this, we implement remedial measures,” Liesenfeld added. 

Mercedes declined to comment on whether it was aware of any unauthorised access by third parties to the leaked data, or whether it has the technical means, such as access logs, to determine whether unauthorised access to its data repositories occurred. The representative cited unspecified security reasons.

As TechCrunch exclusively reported earlier this month, a bug since fixed by Hyundai Motor India exposed the personal information of customers who had their vehicles serviced at Hyundai-owned stations throughout India, including names, mailing addresses, email addresses, and phone numbers.
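The leak above came down to a credential committed to a public repository, and the article lists the kinds of secrets the repositories held: GitHub tokens, AWS and Azure keys, and database connection strings. The following pre-push scanner is an added example, not code from RedHunt Labs or Mercedes; the regexes are simplified approximations of those credential shapes (an assumption, tuned for low noise), and the sample config it scans is constructed.

```python
import re
import sys
from dataclasses import dataclass

# Simplified shapes for the secret types the article names (assumption: these are
# approximations meant to catch the obvious cases, not an exhaustive catalogue).
PATTERNS = {
    "github_token": re.compile(r"\bgh[pousr]_[A-Za-z0-9]{36}\b"),
    "github_fine_grained_pat": re.compile(r"\bgithub_pat_[A-Za-z0-9]{22}_[A-Za-z0-9]{59}\b"),
    "aws_access_key_id": re.compile(r"\b(?:AKIA|ASIA)[0-9A-Z]{16}\b"),
    "azure_storage_account_key": re.compile(r"AccountKey=[A-Za-z0-9+/]{86}=="),
    "postgres_uri_with_password": re.compile(r"\bpostgres(?:ql)?://[^:\s/]+:[^@\s]+@[^\s]+"),
}


@dataclass(frozen=True)
class Finding:
    kind: str
    line_no: int
    redacted: str  # never carry the full secret into a report or CI log


def redact(secret: str) -> str:
    """Keep a short prefix so a finding is identifiable without re-leaking the value."""
    return secret[:8] + "..." if len(secret) > 8 else "***"


def scan_text(text: str) -> list[Finding]:
    """Return one Finding per credential-looking match, in line order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for kind, pattern in PATTERNS.items():
            for match in pattern.finditer(line):
                findings.append(Finding(kind, line_no, redact(match.group(0))))
    return findings


# Constructed sample: a settings file of the sort that gets committed by mistake.
SAMPLE = """\
# deploy settings
GITHUB_TOKEN=ghp_0123456789abcdefghijklmnopqrstuvwxyz
AWS_ACCESS_KEY_ID=AKIAEXAMPLEEXAMPLE12
DATABASE_URL=postgresql://app:s3cretpass@db.internal.example:5432/app
LOG_LEVEL=info
"""

if __name__ == "__main__":
    # Usage as a hook: feed file contents on stdin; a non-zero exit blocks the push.
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE
    hits = scan_text(text)
    for f in hits:
        print(f"line {f.line_no}: {f.kind} ({f.redacted})")
    sys.exit(1 if hits else 0)
```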

VMware ESXi Ransomware on the Rise Due to Leaked Babuk Code

Security researchers say they have identified ten distinct ransomware families that recently branched off from Babuk, a ransomware strain whose source code was leaked online in 2021.

Experts in the field have long warned that hackers have for years been reusing leaked source code from well-known ransomware operations such as LockBit, Conti, and REvil. SentinelLabs claimed in research made public on Thursday that about a dozen groups have built their own malware on Babuk.

The Babuk Locker ransomware builder was made publicly available online in June 2021, making it simple for any would-be criminal organisation to enter the ransomware market with little to no development work. 

Hackers are drawn to the Babuk Locker "builder" because it allows them to make unique variations of the Linux-based Babuk Locker ransomware that can be used to attack the common ESXi servers used by big organisations and corporations.

“Over the past two years, organized ransomware groups adopted Linux lockers, including ALPHV, Black Basta, Conti, Lockbit, and REvil,” SentinelLabs’ Alex Delamotte stated. “These groups focus on ESXi before other Linux variants, leveraging built-in tools for the ESXi hypervisor to kill guest machines, then encrypt crucial hypervisor files.” 

According to Delamotte, the ten versions they found appeared in the second half of 2022 and the first part of 2023, indicating "an increasing trend of Babuk source code adoption." 

SentinelLabs discovered connections between the stolen Babuk source code and the ESXi lockers of numerous well-known ransomware organisations, including Conti, REvil, Play, and Ransom House, which have all been linked to some of the most damaging intrusions in the past two years.

In order to create ESXi lockers for themselves, smaller ransomware organisations have adopted the Babuk source code. 

To compare against the other Babuk versions available online, SentinelLabs built what they called a "baseline" Babuk. Among the many overlaps they found were the way the malware encrypted files and similarities in the code itself.

The researchers also noted that Babuk and ESXiArgs, which raised concerns in February after more than 3,800 organisations in the US, France, and Italy were attacked, hardly had any similarities. At the time, some falsely accused Babuk of being responsible for the series of attacks that targeted Rice University, the Georgia Institute of Technology, and the Supreme Court of Florida.