Misconfigured registries are putting hundreds of top businesses at risk


Millions of artifacts and container images have been found exposed on the public internet via thousands of misconfigured Red Hat Quay registries, JFrog Artifactory, or Sonatype Nexus artifact registries. Many of these held confidential and sensitive proprietary code, placing those companies at enormous risk of data leaks and cyberattacks.

A new report from the Aqua Nautilus research team found 250 million artifacts and 65,600 container images were exposed, leaving five Fortune 500 companies, as well as “thousands of others”, at risk.

Among the firms at risk were IBM, Alibaba, Siemens, and Cisco, the researchers said.

Surprising and highly concerning

As “crucial elements” of the software supply chain, registries and artifact management systems are major targets for cybercriminals. Aqua Security claims many organizations are unaware of, or unable to control, the sensitive information and secrets that leak into these registries, and should hackers gain access, it could spell huge trouble for the target firms. According to the researchers, some organizations did not properly secure these highly critical environments.

“The findings were both surprising and highly concerning,” commented Assaf Morag, lead threat researcher for Aqua Nautilus. 

The researchers found sensitive keys, such as secrets, credentials, or tokens, on 1,400 distinct hosts, and private sensitive addresses of endpoints, such as Redis, MongoDB, PostgreSQL, or MySQL, on 156 hosts. Furthermore, they found 57 registries with critical misconfigurations, 15 of which allowed admin access with the default password. More than 2,100 artifact registries had upload permissions.

To protect their premises, and the sensitive data residing there, Nautilus recommends businesses check whether any registries or artifact management systems are exposed to the internet, and check that those connected to the internet by design aren’t critically vulnerable. Businesses should also verify that the anonymous user is disabled.
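An added example, not from the Aqua Nautilus report or the article: one way to run the anonymous-access check over registries in your own inventory, using the `/v2/_catalog` endpoint of the standard container registry HTTP API. The hostnames and sample responses are constructed, and the function names are illustrative.

```python
import json
import urllib.error
import urllib.request


def fetch_catalog(host, timeout=5):
    """Send one GET for /v2/_catalog with no credentials; return (status, body)."""
    req = urllib.request.Request(f"https://{host}/v2/_catalog?n=5")
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status, resp.read().decode("utf-8", "replace")
    except urllib.error.HTTPError as err:
        return err.code, ""
    except OSError:  # DNS failure, timeout, refused connection, TLS error
        return None, ""


def classify(status, body):
    """Map an unauthenticated catalog response to an audit finding."""
    if status is None:
        return "unreachable"
    if status in (401, 403):
        return "auth-required"
    if status == 200:
        try:
            repos = json.loads(body).get("repositories")
        except (ValueError, AttributeError):
            # A 200 that is not catalog JSON, e.g. a proxy's HTML login page.
            return "inconclusive"
        return "anonymous-listing" if isinstance(repos, list) else "inconclusive"
    return "inconclusive"


def audit(hosts, fetch=fetch_catalog):
    """Classify every host; `fetch` is injectable so the logic runs offline."""
    return {host: classify(*fetch(host)) for host in hosts}


# Constructed sample responses standing in for an internal inventory.
SAMPLE = {
    "quay.corp.example": (200, '{"repositories": ["billing/api", "infra/base"]}'),
    "nexus.corp.example": (401, ""),
    "artifacts.corp.example": (200, "<html><title>Sign in</title></html>"),
    "old-registry.corp.example": (None, ""),
}

if __name__ == "__main__":
    for host, finding in audit(SAMPLE, fetch=lambda h: SAMPLE[h]).items():
        print(f"{host:28} {finding}")
```

An `auth-required` result only shows that the catalog demands credentials; the anonymous-user setting in the registry's own configuration still needs to be checked.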



from TechRadar - All the latest technology news https://ift.tt/4nJZvV2
via IFTTT
