data in .ENV on risk? Security best practices |
What is your opinion, how save are the data in our .ENV file?
What additional security measures do you use aside the CI4 standards? Risky Biz News: A threat actor is hacking and extorting companies that have misconfigured their cloud server infrastructure. The data extortion campaign has been taking place since earlier this year and involves a large-scale scan of the internet for companies that have exposed their environment variable files. Also known as .ENV, these files act as a centralized location for storing configuration data by multiple software solutions. Security firm Palo Alto Network says the attacker has been scanning the internet for ENV files, extracting login credentials, and accessing cloud servers. The attacker has allegedly scanned more than 230 million unique servers and successfully retrieved 90,000 environment variables—with around 7,000 of these being access keys associated with cloud services. PAN researchers say that in some cases, the attacker accessed cloud servers, exfiltrated data, deleted the original files, and then asked for a ransom to return the stolen documents. https://unit42.paloaltonetworks.com/larg....risky.biz |
Messages In This Thread |
data in .ENV on risk? Security best practices - by JanFromHamburg - 08-16-2024, 01:02 AM
RE: data in .ENV on risk? Security best practices - by FlavioSuar - 08-16-2024, 04:28 AM
RE: data in .ENV on risk? Security best practices - by kenjis - 08-17-2024, 07:15 PM
RE: data in .ENV on risk? Security best practices - by kenjis - 08-17-2024, 07:08 PM
|