Welcome Guest, Not a member yet? Register   Sign In
data in .ENV on risk? Security best practices
#1

(This post was last modified: 08-16-2024, 01:02 AM by JanFromHamburg.)

What is your opinion, how save are the data in our .ENV file?
What additional security measures do you use aside the CI4 standards?


Risky Biz News:

A threat actor is hacking and extorting companies that have misconfigured their cloud server infrastructure. The data extortion campaign has been taking place since earlier this year and involves a large-scale scan of the internet for companies that have exposed their environment variable files. Also known as .ENV, these files act as a centralized location for storing configuration data by multiple software solutions. Security firm Palo Alto Network says the attacker has been scanning the internet for ENV files, extracting login credentials, and accessing cloud servers. The attacker has allegedly scanned more than 230 million unique servers and successfully retrieved 90,000 environment variables—with around 7,000 of these being access keys associated with cloud services. PAN researchers say that in some cases, the attacker accessed cloud servers, exfiltrated data, deleted the original files, and then asked for a ransom to return the stolen documents.

https://unit42.paloaltonetworks.com/larg....risky.biz
Reply


Messages In This Thread
data in .ENV on risk? Security best practices - by JanFromHamburg - 08-16-2024, 01:02 AM



Theme © iAndrew 2016 - Forum software by © MyBB