Goto

Collaborating Authors

Intel investigating breach after 20GB of internal documents leak online

ZDNet

None of the leaked files contain sensitive data about Intel customers or employees, based on ZDNet's review. However, the question remains to what else the alleged hacker had access to before stealing and releasing Intel's confidential files. In an emailed statement sent after this article's publication, Intel denied getting "hacked," disputting Kottmann's claim. The company suggested that an individual with access to its Resource and Design Center might have downloaded the confidential data without authorization and shared it with the Swiss researcher. The Intel Resource and Design Center is a web portal where Intel provides non-public technical documents to business partners integrating Intel chipsets into their respective products.


20GB of Intel internal documents were leaked online

Engadget

More than 20GB worth of Intel internal documents has been uploaded on Mega, and according to ZDNet, the chipmaker is now trying to ascertain how the files were leaked. A Swiss software engineer named Till Kottmann published the documents, most of which are marked "confidential." He said he got it from a source who claims to have hacked the company sometime around May this year. Kottmann has history publishing data from major tech companies that was leaked online through various avenues, such as misconfigured Git repositories. Intel exconfidential Lake Platform Release;) This is the first 20gb release in a series of large Intel leaks.


Mercedes-Benz onboard logic unit (OLU) source code leaks online

ZDNet

The source code for "smart car" components installed in Mercedez-Benz vans has been leaked online over the weekend, ZDNet has learned. The leak occurred after Till Kottmann, a Swiss-based software engineer, discovered a Git web portal belonging to Daimler AG, the German automotive company behind the Mercedes-Benz car brand. Kottmann told ZDNet that he was able to register an account on Daimler's code-hosting portal, and then download more than 580 Git repositories containing the source code of onboard logic units (OLUs) installed in Mercedez vans. According to the Daimler website, the OLU is a component that sits between the car's hardware and software, and "connects vehicles to the cloud." Daimler says the OLU "simplifies technical access and the management of live vehicle data" and allows third-party developers to create apps that retrieve data from Mercedes vans.


Nissan source code leaked online after Git repo misconfiguration

ZDNet

The source code of mobile apps and internal tools developed and used by Nissan North America has leaked online after the company misconfigured one of its Git servers. The leak originated from a Git server that was left exposed on the internet with its default username and password combo of admin/admin, Tillie Kottmann, a Swiss-based software engineer, told ZDNet in an interview this week. SMAT/webscrape is a tool by the data science/market research team, which scrapes all current offers on cars by zip code from https://t.co/5h9U6RLYge. The Git server, a Bitbucket instance, was taken offline yesterday after the data started circulating on Monday in the form of torrent links shared on Telegram channels and hacking forums. Reached out for comment, a Nissan spokesperson confirmed the incident.


FBI: Hackers stole source code from US government agencies and private companies

ZDNet

The Federal Bureau of Investigation has sent out a security alert warning that threat actors are abusing misconfigured SonarQube applications to access and steal source code repositories from US government agencies and private businesses. US officials talk about all the methods the Chinese government and its agents have been using to target US companies and universities to steal intellectual property. Intrusions have taken place since at least April 2020, the FBI said in an alert sent out last month and made public this week on its website. The alert specifically warns owners of SonarQube, a web-based application that companies integrate into their software build chains to test source code and discover security flaws before rolling out code and applications into production environments. SonarQube apps are installed on web servers and connected to source code hosting systems like BitBucket, GitHub, or GitLab accounts, or Azure DevOps systems.