
ZDNET's key takeaways
- Hackers have broken into Red Hat's private GitLab repository.
- Information belonging to some Red Hat consulting customers has been stolen.
- How serious this breach is remains an open question.
Every company will suffer a security breach at some point. This time, it is Linux and cloud powerhouse Red Hat's turn. A new cybercrime group, the Crimson Collective (also known as I of Providence), has claimed responsibility for breaching Red Hat's private GitLab repositories and stealing confidential source code and customer information.
The group made its claim late Thursday night on Wire, posting screenshots allegedly showing directory listings from internal Red Hat projects. Red Hat has confirmed the breach.
Red Hat said:
“We detected unauthorized access to a GitLab instance recently used for internal Red Hat Consulting collaboration in select engagements. We immediately started an intensive investigation, removed the unauthorized party's access, isolated the instance, and contacted the appropriate authorities. Our investigation, which is ongoing, found that an unauthorized third party had accessed and copied some data from this instance.”
The hackers claim that about 570GB of data was swiped from 28,000 internal development repositories. This data allegedly includes around 800 Customer Engagement Reports (CERs).
Red Hat CERs are detailed documents from Red Hat consulting services that contain sensitive information about client environments, such as architecture diagrams, network configurations, and authentication tokens. Armed with this data, the group claims, it could break into downstream customers' infrastructure.
Are downstream customers vulnerable?
Red Hat's answer to the claim: “The compromised GitLab instance housed consulting engagement data, for example, Red Hat's project specifications, example code snippets, and internal communications about consulting services. This GitLab instance typically does not contain sensitive personal data. While our analysis does not recognize the affected data at this time, we do not recognize the affected data at the moment.”
The group said it obtained CERs from companies such as AT&T, Bank of America, and Fidelity, and from government agencies, including the US Naval Surface Warfare Center, the Federal Aviation Administration, and the US House of Representatives.
In response, Red Hat reiterated that the hack affected only Red Hat consulting customers. “At this time, we have no reason to believe that this security issue affects any other Red Hat services or products, including our software supply chain or downloading Red Hat software from official channels.”
If you are not a Red Hat consulting customer, Red Hat assures all its other customers and users that “currently there is no evidence that you have been affected by this incident.” Red Hat said that it was “aware of the claims broadcast online” and “security teams are actively reviewing the case.”
While GitLab software is involved, this security breach is entirely a Red Hat problem, not a GitLab one. In a statement, GitLab said, “There has been no breach of GitLab's managed systems or infrastructure. GitLab remains secure and unaffected. The incident refers to Red Hat's self-managed instance of GitLab Community Edition, our free open-core offering.”
Companies that deploy GitLab Community Edition are responsible for securing it; GitLab is not.
The Crimson Collective claimed to have taken “tens of gigabytes” of data from Red Hat's self-hosted GitLab instance, including unreleased projects and security-related tools. No source code samples have appeared on leak sites, so these claims remain unverified.
Furthermore, since all of Red Hat's software and services are based on open-source code, it is hard to imagine how access to its code could cause any danger. Proprietary code from Apple or Microsoft would be another story. But all Red Hat Enterprise Linux (RHEL) code is already out in Fedora and CentOS Stream. We already know what is in RHEL's recipe and how it is cooked.
Nevertheless, this breach of Red Hat customers' data damages the company's reputation. In the last two years, more companies have become concerned about open-source supply chain security issues.
As of late Friday night, Red Hat had not provided further updates on how serious the Crimson Collective's claims are. After all, cybercrime groups often exaggerate or fabricate breaches to attract attention. There is no question that there was a breach, but how serious it is remains an open question.

