Hackers steal 15,000 cloud credentials from exposed Git config files

A large-scale malicious operation named "EmeraldWhale" scanned for exposed Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories.

Git configuration files, such as /.git/config or .gitlab-ci[.]yml, are used to define various options like repository paths, branches, remotes, and sometimes even authentication information like API keys, access tokens, and passwords.

According to Sysdig, who discovered the campaign, the operation involves using automated tools that scan IP ranges for exposed Git configuration files, which may include authentication tokens.

These tokens are then used to download repositories stored on GitHub, GitLab, and BitBucket, which are scanned for further credentials.

See more: https://www.bleepingcomputer.com/news/security/hackers-steal-15-000-cloud-credentials-from-exposed-git-config-files/

#cybersecurity #git 

 Honeypot Surprise: Researchers Catch Attackers Exposing 15,000 Stolen Credentials in S3 Bucket

Sysdig researchers trace a bizarre S3 bucket misconfiguration to EmeraldWhale, exposing 1.5 terabytes of stolen credentials and script.

See more: https://www.securityweek.com/honeypot-surprise-researchers-catch-attackers-exposing-15000-stolen-credentials-in-s3-bucket/

#cybersecurity

nostr:nevent1qqszc3fufljcn06t48x7jwmuppvw0xw2kyxzvldyt9u4sx7hcxz8v0qpzpmhxue69uhkummnw3ezumt0d5hsygqkl5n0qqz57es4r34a0yj7mm6ptpss8tce63zlj0mx7h3ykdzz0gpsgqqqqqqs4uh9a7