Hackers stole source code from government agencies, private firms'

SAN FRANCISCO: The US Federal Bureau of Investigation (FBI) has issued a security alert saying threat actors have stolen source code from government agencies and private firms and are abusing it to gain access to critical information. The FBI alert warned the owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments.

The actors exploit known configuration vulnerabilities, allowing them to gain access to proprietary code, exfiltrate it and post the data publicly.

The FBI has identified multiple potential computer intrusions that correlate to leaks associated with SonarQube configuration vulnerabilities.

"SonarQube apps are installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems," reports ZDNet.

According to the FBI, some companies have left these systems unprotected, running on their default configuration with default admin credentials.

"In August 2020, unknown threat actors leaked internal data from two organizations through a public lifecycle repository tool. The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations' networks," the FBI said in the alert. (IANS)

Also Watch: 'All Schemes Announced by Sarbananda Sonowal Govt Being Implemented'

Also Read: Not in UP or Bihar, man in Assam pulls out a gun after bus mishap