kwiiveki zokugqibela sabelana apha kwibhlogezinye ze Izaziso ukuba zazisiwe malunga namatyala okugqekeza a Nvidia kunye Samsung liqela hacker Lapsus $, okwazileyo ukufikelela kulwazi oluvela ku-Ubisoft.
Kwaye kutsha nje I-GitGuardian iskena ikhowudi yemvelaphi ye-Samsung ngolwazi eziyimfihlo, ezifana nezitshixo eziyimfihlo (izitshixo ze-API, izatifikethi) kwaye zafumanisa i-6695 yazo. Esi siphumo sifunyenwe ngexesha lokuhlalutya okusetyenziswa ngaphezu kwama-350 ama-detectors ngamnye, ngamnye efuna iimpawu ezithile zohlobo lwesitshixo esiyimfihlo, enika iziphumo ngokuchanekileyo okukhulu.
Kolu phendlo, abaphandi GitGuardian iziphumo ezingabandakanywanga ukusuka kwii-generic high-entropy detectors kunye ne-generic password detectors, kuba zihlala zibandakanya iimpawu ezingeyonyani kwaye ke zivelisa iziphumo eziphakamileyo. Ngaloo nto engqondweni, inani langempela lamaqhosha ayimfihlo anokuba phezulu kakhulu.
Kulabo abangaqhelananga neGitGuardian, kufuneka wazi ukuba le yinkampani esekelwe kwi-2017 nguJérémy Thomas kunye no-Eric Fourrier kwaye efumene i-2021 FIC Start-up Award kwaye ilungu le-FT120.
Inkampani izimise njengengcali ekubhaqweni kwezitshixo eziyimfihlo kwaye igxile kwimizamo yayo ye-R&D kwizisombululo ezithobela imodeli yoxanduva olwabelwanayo malunga nokuphunyezwa kwe-AppSec kuthathelwa ingqalelo amava abaphuhlisi.
Njengoko sinokubona kwisishwankathelo seziphumo, iziphumo ezisibhozo zokuqala zimela i-90% yezinto ezifunyenweyo kwaye, nangona ulwazi olubucayi kakhulu, kunokuba nzima ukuba umhlaseli asebenzise, kuba mhlawumbi ubhekisela kwiinkqubo zangaphakathi.
Oku ishiya ngaphezulu kwama-600 amaqhosha okuqinisekisa ayimfihlo ezibonelela ngofikelelo kuluhlu olubanzi lweenkonzo ezahlukeneyo kunye neenkqubo ezinokuthi umhlaseli angazisebenzisa ukuze angene ecaleni kwezinye iinkqubo.
»Kwizitshixo ezingaphezu kwe-6600 ezifunyenwe kwikhowudi yomthombo we-Samsung, malunga neepesenti ezingama-90 zezezinkonzo zangaphakathi ze-Samsung kunye neziseko zophuhliso, ngelixa i-10% ebalulekileyo eseleyo inokubonelela ngokufikelela kwiinkonzo zangaphandle okanye izixhobo ezivela kwi-Samsung, njenge-AWS, i-GitHub, i-artifacts, kunye noGoogle, ”ucacisa uMackenzie Jackson, uMmeli woPhuhlisi eGitGuardian.
Ingxelo yakutshanje ye-GitGuardian ibonise ukuba kumbutho onomyinge wabaphuhlisi be-400, ngaphezu kwe-1000 izitshixo eziyimfihlo zifumaneka kwiindawo zokugcina ikhowudi yomthombo wangaphakathi (iSource State of Secrets Sprawl 2022).
Ukuba izitshixo eziyimfihlo zivuza, zinokuchaphazela amandla e-Samsung ukuhlaziya ngokukhuselekileyo iifowuni, ukunika abachasi ukufikelela kulwazi olunovakalelo lwabathengi, okanye ubanike ukufikelela kwiziseko ezingundoqo zangaphakathi ze-Samsung, ngokukwazi ukuqalisa olunye uhlaselo.
UMackenzie Jackson wongeza ngelithi:
Olu hlaselo luveza ingxaki yokuba abaninzi kushishino lokhuseleko baye bavakalisa i-alamu malunga: ikhowudi yomthombo wangaphakathi iqulethe inani elikhulayo ledatha ebuthathaka, kodwa ihlala iyi-asethi engathembekanga kakhulu. Ikhowudi yomthombo ifumaneka ngokubanzi kubaphuhlisi kuyo yonke inkampani, ixhaswe kwiiseva ezahlukeneyo, igcinwe koomatshini basekhaya abaphuhlisi, kwaye kwabelwane ngokubhaliweyo kwangaphakathi okanye iinkonzo ze-imeyile. Oku kubenza babe lithagethi elinomtsalane kubachasi kwaye ke sibona ukuzingisa kolu hlaselo. ”
Kwitshaneli yeTelegram yeLapsus, siya kuba nakho ukubona ukuba iqela le-hacker lifumana njani ukufikelela kwezi ndawo zokugcina ngokuthumela eyona nto ibiza abasebenzi bemibutho emikhulu ukuba baveze ukufikelela kwabo.
Ngelishwa, asikagqibi ukubona uhlaselo olulolu hlobo, iqela ngoku labelana ngovoto, kwakhona ngejelo leTelegram, libuza abaphulaphuli babo ukuba yeyiphi ikhowudi yomthombo abafanele bayivuze ngokulandelayo, ebonisa ukuba ukuvuza okuninzi kuseza kuza. kwilixa elizayo.
Gqibela Ukuba unomdla wokwazi okungakumbi ngayo, ungajonga iinkcukacha Kule khonkco ilandelayo.