Hack Notice

Hack Notice: NY Gov

Source
https://techcrunch.com/2021/06/24/an-internal-code-repo-used-by-new-york-states-it-office-was-exposed-online/
Description
An internal code repo used by New York State's IT office was exposed online

Zack Whittaker (@zackwhittaker), 1:00 PM CDT, June 24, 2021

A code repository used by the New York state government's IT department was left exposed on the internet, allowing anyone to access the projects inside, some of which contained secret keys and passwords associated with state government systems.

The exposed GitLab server was discovered on Saturday by Dubai-based SpiderSilk, a cybersecurity company credited with discovering data spills at Samsung, Clearview AI and MoviePass.

Organizations use GitLab to collaboratively develop and store their source code, as well as the secret keys, tokens and passwords needed for the projects to work, on servers that they control. But the exposed server was accessible from the internet and configured so that anyone from outside the organization could create a user account and log in unimpeded, SpiderSilk's chief security officer Mossab Hussein told TechCrunch.

When TechCrunch visited the GitLab server, the login page showed it was accepting new user accounts. It's not known exactly how long the GitLab server was accessible in this way, but historic records from Shodan, a search engine for exposed devices and databases, show the GitLab server was first detected on the internet on March 18.

SpiderSilk shared several screenshots showing that the GitLab server contained secret keys and passwords associated with servers and databases belonging to New York State's Office of Information Technology Services. Fearing the exposed server could be maliciously accessed or tampered with, the startup asked for help in disclosing the security lapse to the state.

TechCrunch alerted the New York governor's office to the exposure a short time after the server was found. Several emails to the governor's office with details of the exposed GitLab server were opened but were not responded to. The server went offline on Monday afternoon.

Scot Reif, a spokesperson for New York State's Office of Information Technology Services, said the server was "a test box set up by a vendor, there is no data whatsoever, and it has already been decommissioned by ITS." (Reif declared his response on background and attributable to a state official, which would require both parties agree to the terms in advance, but we are printing the reply as we were not given the opportunity to reject the terms.)

When asked, Reif would not say who the vendor was or if the passwords on the server were changed. Several projects on the server were marked "prod," or common shorthand for "production," a term for servers that are actively used. Reif also would not say if the incident was reported to the state's Attorney General's office. When reached, a spokesperson for the Attorney General did not comment by press time.

TechCrunch understands the vendor is Indotronix-Avani, a New York-based company with offices in India, and owned by venture capital firm Nigama Ventures. Several screenshots show some of the GitLab projects were modified by a project manager at Indotronix-Avani. The vendor's website touts New York State on its website, along with other government customers, including the U.S. State Department and the U.S. Department of Defense.

Indotronix-Avani representative Mark Edmonds did not respond to requests for comment.

About HackNotice and NY Gov

HackNotice is a service that notices trends and patterns in publicly available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks, and NY Gov was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of NY Gov's products, services, websites, or applications and you were a client of HackNotice monitoring for NY Gov, you may have been alerted to this report about NY Gov. HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If NY Gov had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. Data breaches, hacks, and leaks often lead to and cause identity theft, account takeovers, ransomware, spyware, extortion, and malware. Account takeovers are often caused by credential reuse, password reuse, and easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publicly available data that indicate tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to identify the extent to which digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account takeovers, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry-specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share hack notices with their friends, family, and colleagues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients' personal network. The security of the people that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account takeovers through phishing, malware, and other attack techniques.
