InfoSecBulletin Cybersecurity for mankind
The New York Times’ internal source code and data were leaked on the 4chan message board. The new work times confirmed to Bleeping Computer that they were stolen from the company’s GitHub repositories in January 2024.
An anonymous user leaked internal data on Thursday. They posted a torrent containing a 273GB archive of the stolen data, as revealed by VX-Underground.
B1ack’s Stash Releases 1 Million Credit Cards on a Deep Web Forum
Cisco Confirms
Salt Typhoon Exploited CVE-2018-0171 to Target U.S. Telecom Networks
AWS Key Hunter
Test this free automated tool to hunt for exposed AWS secrets
Check Point Flaw Used to Deploy ShadowPad and Ransomware
CVE-2024-12284
Citrix Issues Security Update for NetScaler Console
CISA and FBI ALERT
Ghost ransomware to breach organizations in 70 countries
Hacker chains multiple vulns to attack Palo Alto Firewall
150 Gov.t Portal affected
Black-Hat SEO Poisoning Indian “.gov.in, .ac.in” domain
CVE-2018-19410 Exposes 600 PRTG Instances in Bangladesh
Builder claims Rs 150 cr for data loss; AWS faces FIR In Bengaluru
“Basically all source code belonging to The New York Times Company, 270GB,” reads the 4chan forum post.
The attacker shared a text file with a list of 6,223 folders stolen from the company’s GitHub repository.Many different types of information were stolen, such as IT documentation, infrastructure tools, and source code. This includes the popular Wordle game.
According to the ‘readme’ file, the attacker used a GitHub token that was exposed to gain unauthorized access to the company’s repositories and steal data.
In a statement to BleepingComputer, The Times said the breach occurred in January 2024 after credentials for a cloud-based third-party code platform were exposed. A subsequent email confirmed this code platform was GitHub.
The company stated that the breach of its GitHub account did not affect its internal corporate systems and had no impact on its operations.
