Almost 200 GB of source code from Samsung and Nvidia was leaked by Lapsus$

In recent weeks we shared here on the blog some of the news reported about the hacking incidents at NVIDIA and Samsung carried out by the hacker group Lapsus$, which also managed to obtain data from Ubisoft.

More recently, GitGuardian scanned Samsung's leaked source code for sensitive information, such as secrets (API keys, certificates), and found 6695 of them. The result was obtained with an analysis that used more than 350 detectors, each searching for the specific characteristics of one type of secret, which yields precise results.

In this analysis, the GitGuardian researchers excluded the results of the generic high-entropy detectors and the generic password detectors, since these can often include false positives and would therefore inflate the count. With that in mind, the real number of secrets could be even higher.
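As an added illustration of the detector split described above (this is constructed example code, not GitGuardian's tooling), the following Python scanner runs a few specific detectors keyed on a credential type's documented fixed format alongside one generic high-entropy detector, and reports the two kinds of hit separately so the false-positive-prone generic results can be set aside the way the analysis did. The sample source lines, the entropy threshold and the detector names are assumptions made for this example.

```python
import math
import re
from collections import Counter

# Specific detectors: each keys on the publicly documented fixed prefix and
# length of one credential type, so a hit is a high-confidence finding.
SPECIFIC_DETECTORS = {
    "aws_access_key_id": re.compile(r"\bAKIA[0-9A-Z]{16}\b"),
    "github_token": re.compile(r"\bghp_[A-Za-z0-9]{36}\b"),
    "google_api_key": re.compile(r"\bAIza[0-9A-Za-z_\-]{35}\b"),
}
# Generic detector: any long token whose only "secret" signal is randomness,
# i.e. the false-positive-prone class the analysis set aside.
GENERIC_TOKEN = re.compile(r"[A-Za-z0-9+/=_\-]{20,}")

def shannon_entropy(s):
    """Bits of entropy per character of s (max is log2 of distinct chars)."""
    counts = Counter(s)
    return -sum(c / len(s) * math.log2(c / len(s)) for c in counts.values())

def scan(lines, entropy_threshold=4.5):
    """Return (specific_hits, generic_hits), each a list of (line_no, detector, token).
    A token claimed by a specific detector is not reported again by the generic one."""
    specific, generic = [], []
    for line_no, line in enumerate(lines, 1):
        claimed = set()
        for name, pattern in SPECIFIC_DETECTORS.items():
            for m in pattern.finditer(line):
                specific.append((line_no, name, m.group()))
                claimed.add(m.group())
        for m in GENERIC_TOKEN.finditer(line):
            token = m.group()
            if token not in claimed and shannon_entropy(token) >= entropy_threshold:
                generic.append((line_no, "high_entropy", token))
    return specific, generic

# Constructed sample lines: the AWS value is AWS's own documented example key;
# the others are made up for this illustration and are not real secrets.
SAMPLE_SOURCE = [
    'aws_key = "AKIAIOSFODNN7EXAMPLE"',
    'GITHUB_TOKEN = "ghp_0123456789abcdefghijABCDEFGHIJ012345"',
    'signing_seed = "x7Gq9LmZ2pR4vT8wB3nK6yJ1sH5dF0aE"',  # random-looking: generic hit
    'build_id = "release_candidate_2022_03_07"',         # long but low entropy: ignored
]

if __name__ == "__main__":
    specific, generic = scan(SAMPLE_SOURCE)
    print(f"{len(specific)} specific hits counted, {len(generic)} generic hits set aside")
```

Running it on the sample reports two specific hits (the AWS and GitHub formats) and one generic hit, while the long but repetitive build identifier is ignored.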

For those unfamiliar with GitGuardian, it is a company founded in 2017 by Jérémy Thomas and Eric Fourrier; it received the 2021 FIC Startup Award and is a member of the FT120.

The company has established itself as a specialist in secrets detection and focuses its R&D efforts on approaches that fit the shared responsibility model around AppSec implementation, taking the developer experience into account.


As the summary of results shows, the first eight result categories account for 90% of the findings and, although they contain sensitive data, they may be harder for an attacker to exploit, since they refer to internal systems.

That leaves more than 600 secret authentication keys that grant access to a wide range of services and systems, which an attacker could use to move laterally into other systems.

"Of the more than 6600 keys found in Samsung's source code, roughly 90% are for Samsung's internal services and infrastructure, while the critical remaining 10% could grant access to Samsung's external services or tools, such as AWS, GitHub, artifacts, and Google," said Mackenzie Jackson, Developer Advocate at GitGuardian.


GitGuardian's recent report shows that in an organization with an average of 400 developers, more than 1000 secrets are found in internal source code repositories (source: State of Secrets Sprawl 2022).

If such secrets were leaked, this could affect Samsung's ability to update phones securely, give adversaries access to sensitive customer data, or give them access to Samsung's internal infrastructure, with the ability to launch further attacks.

Mackenzie Jackson added:

"These attacks expose a problem that many in the security industry have been raising the alarm about: internal source code contains an ever-growing amount of sensitive data, yet it remains a highly insecure asset. Source code is available to developers across the company, backed up on various servers, stored on developers' local machines, and even shared through internal documentation or email services. This makes it a very attractive target for adversaries, and so we are seeing these attacks occur with persistent frequency."

On the Lapsus$ Telegram channel, we can see how the hacker group obtains access to these repositories: by posting what is essentially a call for employees of large organizations to disclose their access.

Unfortunately, we have not seen the last of attacks like this: the group has once again shared polls on its Telegram channel, asking its audience whose source code it should leak next, which suggests that more internal leaks are likely in the future.

Finally, if you are interested in learning more about it, you can check the details at the following link.

