Cyber Actors Stole Source Code Of U.S. Government Agencies And Businesses: FBI – Mashable India

The U.S. Federal Bureau of Investigation (FBI) issued a security alert warning that states have stolen source code from U.S. government agencies and private businesses. These hackers are abusing misconfigured SonarQube applications to access sensitive data, reports ZDNet.

SEE ALSO: Apple Paid $2,88,500 To Ethical Hackers For Discovering Security Flaws In Its Systems

The alert was issued by the FBI back in October and states that unidentified threat actors have been actively targeting vulnerable SonarQube applications since April 2020. The attack is being conducted with the purpose of access to source code repositories of U.S. government agencies and private businesses in the technology, finance, retail, food, eCommerce, and manufacturing sectors.

It further states that these hackers exploit known configuration vulnerabilities that give them access to proprietary code. For the uninitiated, SonarQube is an open-source automatic code review tool that detects bugs and security vulnerabilities in source code. FBI states that these unidentified threat actors leaked internal data from two organizations.

The stolen data was sourced from SonarQube instances that used default port settings and admin credentials running on the affected organizations networks, states the FBI.

The FBI has also listed a slew of mitigations for organizations to protect themselves from these threats including changing the SonarQube default settings, changing default administrator username, password, and port (9000), placing SonarQube instances behind a login screen, etc.

SEE ALSO: Russian Hackers Hit U.S. Hospitals With Ransomware Attack

See the article here:

Cyber Actors Stole Source Code Of U.S. Government Agencies And Businesses: FBI - Mashable India