Saturday , May 24 2025
Git configuration files

Massive Attack: Hacker Actively Use 4800+ IPs To Attack Git Configuration Files

infosecbulletin 4 weeks ago Cyber Attack

A recent increase in cyber reconnaissance has endangered thousands of organizations, as GreyNoise, a global threat intelligence platform, reported a significant rise in attempts to access sensitive Git configuration files.

On April 20 and 21, GreyNoise recorded over 4,800 unique IPs targeting these files, marking a record high and indicating increased interest from malicious actors.

Evaly E-commerce Platform Allegedly Hacked

By infosecbulletin / Saturday , May 24 2025
Evaly, a Bangladeshi e-commerce platform, is reportedly facing a major data breach that may have exposed sensitive information of around...
Read More
Evaly E-commerce Platform Allegedly Hacked

Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

By infosecbulletin / Friday , May 23 2025
A passback vulnerability has been found in some Canon printers, including production and multifunction models. If an attacker gains administrative...
Read More
Exploitable Vulns in Canon Printers Allow Gaining Admin Privileges

184 Million Leaked Credentials Discovered in Open Database

By infosecbulletin / Friday , May 23 2025
Security researchers have discovered a database with 184 million account credentials, highlighting the need to update compromised passwords, strengthen weak...
Read More
184 Million Leaked Credentials Discovered in Open Database

Palo Alto Networks Warns of XSS Flaw: PoC Released

By infosecbulletin / Wednesday , May 21 2025
Palo Alto Networks warns a reflected cross-site scripting (XSS) vulnerability, CVE-2025-0133, in the GlobalProtect gateway and portal features of its...
Read More
Palo Alto Networks Warns of XSS Flaw: PoC Released

Pwn2Own Berlin reveals 29 critical vulns in major tech firms

By infosecbulletin / Wednesday , May 21 2025
Pwn2Own Berlin 2025, a top cybersecurity contest, awarded $1,078,750 to researchers who discovered 29 zero-day vulnerabilities in various enterprise technologies....
Read More
Pwn2Own Berlin reveals 29 critical vulns in major tech firms

High-Severity Flaw Hits Atlassian Jira Data Center

By infosecbulletin / Wednesday , May 21 2025
A recently discovered vulnerability, CVE-2025-22157, threatens organizations using Atlassian’s Jira Core Data Center and Jira Service Management Data Center by...
Read More
High-Severity Flaw Hits Atlassian Jira Data Center

All major mobile networks go down across Spain

By infosecbulletin / Tuesday , May 20 2025
A nationwide phone network has gone down in Spain, shortly after blackouts caused chaos and significant financial losses. Emergency services...
Read More
All major mobile networks go down across Spain

Researchers found 200 billion files exposed in cloud buckets

By infosecbulletin / Monday , May 19 2025
Billions of files, including documents, source code, and backups, are leaking because of misconfigured cloud storage. Cyble, a cybersecurity company...
Read More
Researchers found 200 billion files exposed in cloud buckets

Bank server compromised using customer’s mobile, steal ₹11 crore

By infosecbulletin / Sunday , May 18 2025
Cyber fraudsters hacked the Himachal Pradesh State Cooperative Bank's server using a customer's mobile phone. According to reports, the fraudsters...
Read More
Bank server compromised using customer’s mobile, steal ₹11 crore

“InfoSecCon-2025″ held successfully promising cyber resilience

By infosecbulletin / Sunday , May 18 2025
"InfoSecCon-2025" was successfully held with tremendous audiences with various time demanding topics and keynotes at Dhaka on 16 May- 2025....
Read More
“InfoSecCon-2025″ held successfully promising cyber resilience

CVE Spotlight: CVE-2021-23263:

This recent activity is not linked to a new zero-day vulnerability, but experts warn that attackers might take advantage of known issues like CVE-2021-23263 in certain web server setups that can accidentally reveal .git directories.

GreyNoise reports that this is the fourth and largest spike in Git configuration file crawling since September 2024, significantly exceeding earlier spikes that involved around 3,000 unique IPs.

Source: Greynoise

Exposing a Git configuration file (or, worse, the entire .git/ directory) can reveal:

Remote repository URLs (e.g., GitHub, GitLab)
Branch structures and naming conventions
Insider metadata about development processes
Credentials embedded in commit history

To prevent such breaches:

Ensure .git/ directories are not web-accessible.
Block access to hidden files/folders in web server configs.
Monitor server logs for repeated requests to .git/config.
Immediately rotate any exposed credentials.
Blocking malicious IPs and closing these gaps should be a top priority for any organization relying on Git for source code management.
If exploited, attackers can download the entire Git repository, including its configuration files, commit history, and sensitive credentials.

Malicious IPs and Regional Targeting:

95% of IPs involved in this behavior over the past 90 days are classified as malicious, highlighting a significant threat to exposed sites. While this activity is widespread, it is particularly concentrated in Asia, with Singapore identified as the leading source and destination for these scanning sessions, followed by the U.S. and Germany.

Top Source Countries (Unique IPs):

Singapore: 4,933
U.S.: 3,807
Germany: 473
U.K.: 395
Netherlands: 321

Top Destination Countries (Unique IPs):

Singapore: 8,265
U.S.: 5,143
Germany: 4,138
U.K.: 3,417
India: 3,373

Greynoise report claimed, the IPs are linked to cloud infrastructure providers such as Cloudflare, Amazon, and DigitalOcean.

Check Also

406 incidents

Top Ransomware Actively Attacking Financial Sector: 406 Incidents Disclosed

From April 2024 to April 2025, Flashpoint analysts noted that the financial sector was a …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2025, All Rights Reserved InfoSecBulletin