posted by Fnord666 on Friday November 13 2020, @08:34AM
from the change-your-defaults! dept.

FBI: Hackers stole source code from US government agencies and private companies:

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses.

[...] SonarQube apps are installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems.

But the FBI says that some companies have left these systems unprotected, running on their default configuration (on port 9000) with default admin credentials (admin/admin).

FBI officials say that threat actors have abused these misconfigurations to access SonarQube instances, pivot to the connected source code repositories, and then access and steal proprietary or private/sensitive applications.



  • (Score: 0, Informative) by Anonymous Coward on Friday November 13 2020, @08:43AM (1 child)

    by Anonymous Coward on Friday November 13 2020, @08:43AM (#1076963)

    Why were cellular modems allowed in voting machines? Both democrats and republicans must have signed off on this practice.

    https://www.nbcnews.com/politics/elections/online-vulnerable-experts-find-nearly-three-dozen-u-s-voting-n1112436 [nbcnews.com]

    Frankly this is too stupid and delegitimatizes this election and all others that used these machines.

    • (Score: 3, Insightful) by Freeman on Friday November 13 2020, @04:24PM

      by Freeman (732) on Friday November 13 2020, @04:24PM (#1077063) Journal

      Submit a story or create an account and make your own journal entry. Hijacking a thread for your own discussions isn't helpful.

      --
      Joshua 1:9 "Be strong and of a good courage; be not afraid, neither be thou dismayed: for the Lord thy God is with thee"
  • (Score: 5, Touché) by maxwell demon on Friday November 13 2020, @11:26AM

    by maxwell demon (1608) on Friday November 13 2020, @11:26AM (#1076988) Journal

    You don't need to be a hacker to access a system through a default password, and then use its functionality as intended (just not intended for them).

    However, US government agencies that don't even change default admin passwords is something that simply should not happen. You don't need to be a security expert to know that this is a very bad idea.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 1, Funny) by Anonymous Coward on Saturday November 14 2020, @12:46AM

    by Anonymous Coward on Saturday November 14 2020, @12:46AM (#1077203)

    Mel Brooks was a prophet...
    https://www.youtube.com/watch?v=a6iW-8xPw3k [youtube.com]
