- GreyNoise saw a significant increase in scanning activity
- IPs in Singapore are looking for exposed Git configuration files, also in Singapore
- The files could contain confidential information, such as login credentials and access tokens.
Threat actors from Singapore are searching for organizations in the country that can be breached and exploited, according to cybersecurity researchers at GreyNoise, who recently observed a significant increase in reconnaissance activity.
In a new analysis published earlier this week, GreyNoise said that from April 20 to 21 it witnessed a significant increase in IP addresses scanning for exposed Git configuration files. Within that period, it saw 4,800 unique IP addresses carrying out the scan, which is a “substantial increase compared to typical levels.”
Most of the IPs originated in Singapore, although some were in the United States, Germany, the United Kingdom and the Netherlands. They were also scanning IPs in Singapore, as well as in the United States, the United Kingdom, Germany and India.
Git secrets hunting
Git configuration files generally include confidential information, such as user email addresses, access tokens, authentication credentials and remote repository URLs that embed usernames or tokens. As such, they are useful to cybercriminals in the reconnaissance and preparation stages of cyberattacks.
Software developers sometimes forget to block public access to these files, exposing the secrets to anyone who knows where to look. As BleepingComputer recalls, this is exactly what happened in October 2024, when Sysdig reported a large-scale operation that scanned for exposed Git configuration files and obtained 15,000 cloud account credentials from thousands of private repositories.
“In some cases, if the full .git directory is also exposed, attackers can reconstruct the entire code base, including commit history, which may contain confidential information, credentials or sensitive logic,” GreyNoise explained.
To mitigate the risk, the researchers advise software developers to make sure .git/ directories are not accessible through public web servers, and to block access to hidden files and folders in web server settings. In addition, they suggest that developers monitor logs for repeated requests to .git/config and similar paths, and rotate any credentials exposed in version control history.
Via BleepingComputer