emavikini okugcina sihlanganyela lapha kubhulogiezinye ze izindaba lokho kwaziwa mayelana namacala okugebenga a I-Nvidia kanye ne-Samsung ngeqembu le-hacker Lapsus$, ophinde wakwazi ukufinyelela ulwazi oluvela ku-Ubisoft.
Futhi yilokho muva nje I-GitGuardian iskene ikhodi yomthombo ye-Samsung ukuze ithole ulwazi okuyimfihlo, njengokhiye abayimfihlo (okhiye be-API, izitifiketi) futhi kwatholakala abangu-6695 babo. Lo mphumela utholwe phakathi nokuhlaziywa okusebenzise imitshina engayodwana engaphezu kuka-350, ngayinye ibheka izici ezithile zohlobo lokhiye oyimfihlo, okunikeza imiphumela ngokunemba okukhulu.
Kulokhu search, abacwaningi I-GitGuardian ayifakiwe imiphumela kusukela kuzitholi ezijwayelekile ezine-entropy ephezulu kanye nezihlonzi zephasiwedi ezijwayelekile, njengoba ngokuvamile zingabandakanya okungelona iqiniso futhi ngenxa yalokho zikhiqize imiphumela ekhuphukayo. Unalokho engqondweni, inombolo yangempela yokhiye abayimfihlo ingaba phezulu kakhulu.
Kulabo abangajwayelene ne-GitGuardian, kufanele wazi ukuthi lena yinkampani eyasungulwa ngo-2017 ngu-Jérémy Thomas no-Eric Fourrier futhi ethole i-2021 FIC Start-up Award futhi iyilungu le-FT120.
Le nkampani isizinze njengochwepheshe ekutholeni okhiye abayimfihlo futhi igxilisa imizamo yayo ye-R&D ezisombululweni ezithobelana nemodeli yesibopho esabiwe mayelana nokuqaliswa kwe-AppSec icabangela okuhlangenwe nakho konjiniyela.
Njengoba singabona esifinyezweni semiphumela, imiphumela yokuqala eyisishiyagalombili imelela u-90% wezinto ezitholiwe futhi, nakuba iwulwazi olubucayi kakhulu, kungase kube nzima kakhulu ukuthi umhlaseli ayisebenzise, njengoba cishe ibhekisela kumasistimu angaphakathi.
Lokhu ishiya okhiye bokuqinisekisa abayimfihlo abangaphezudlwana kuka-600 enikeza ukufinyelela kububanzi obubanzi bezinsizakalo ezahlukene kanye nezinhlelo umhlaseli angazisebenzisa ukuze angene eceleni kwezinye izinhlelo.
»Kokhiye abangaphezu kuka-6600 abatholakala kukhodi yomthombo ye-Samsung, cishe u-90% ngeyezinsizakalo zangaphakathi ze-Samsung nengqalasizinda, kuyilapho u-10% osele osele unganikeza ukufinyelela ezinsizeni zangaphandle noma amathuluzi avela kwa-Samsung, njenge-AWS, GitHub, ama-artifacts, kanye ne-Google,” kuchaza uMackenzie Jackson, Ummeli Wonjiniyela kwa-GitGuardian.
Umbiko wakamuva we-GitGuardian ubonise ukuthi enhlanganweni enesilinganiso sabathuthukisi abangama-400, okhiye abayimfihlo abangaphezu kwe-1000 batholakala kumakhosombe ekhodi yomthombo wangaphakathi (Source State of Secrets Sprawl 2022).
Uma okhiye abayimfihlo abanjalo beputshuzwa, kungathinta ikhono le-Samsung ukuze ubuyekeze amafoni ngokuvikelekile, unikeze izitha ukufinyelela olwazini lwekhasimende olubucayi, noma uzinikeze ukufinyelela kungqalasizinda yangaphakathi ye-Samsung, enekhono lokuqalisa okunye ukuhlasela.
UMackenzie Jackson uthi:
Lokhu kuhlasela kudalula inkinga abaningi embonini yezokuphepha abaye bahlaba umkhosi ngayo: ikhodi yomthombo yangaphakathi iqukethe inani elihlala likhuphuka ledatha ebucayi, nokho isalokhu iyimpahla engathembeki kakhulu. Ikhodi yomthombo itholakala kabanzi konjiniyela kuyo yonke inkampani, yenzelwe ikhophi yasenqolobaneni kumaseva ahlukene, egcinwe emishinini yendawo yonjiniyela, futhi yabelwa ngisho nangemibhalo yangaphakathi noma ngamasevisi e-imeyili. Lokhu kubenza babe okuhlosiwe okukhangayo kwabamelene nabo ngakho sibona ukuphikelela ezikhathini zalokhu kuhlasela.”
Esiteshini seLapsus$ Telegram, sizokwazi ukubona ukuthi iqembu lezigebengu lifinyelela kanjani kulezi zindawo zokugcina ngokuthumela lokho okuyikholi kubasebenzi bezinhlangano ezinkulu ukuthi baveze ukufinyelela kwabo.
Ngeshwa, asikakaqedi ukubona ukuhlaselwa okunje, iqembu manje selihlanganyela amavoti, futhi ngesiteshi sabo seTelegramu, libuza izethameli zabo ukuthi iyiphi ikhodi yomthombo okufanele ziputshuke ngokulandelayo, okubonisa ukuthi ukuvuza okuningi kusengenzeka. esikhathini esizayo.
Okokugcina Uma unesifiso sokwazi okwengeziwe ngakho, ungabheka imininingwane Kulesi sixhumanisi esilandelayo.