Thousands of Publicly Exposed API Tokens Could Threaten Software Integrity

October 21, 2022

Thousands of publicly exposed, active application programming interface (API) tokens have been found across the web that could threaten software integrity and let malicious actors access private data, information or internal networks.

The findings come from security researchers at JFrog, who made the discovery while testing a new feature in one of the company's security products.

The team reportedly scanned about eight million artifacts in the most popular open-source software registries, including npm, PyPI, RubyGems, crates.io and DockerHub, to find and validate leaked API tokens.


For npm and PyPI packages, the scan also covered multiple versions of the same package, so that tokens which had once been published and were removed later could still be found.

The scan results showed that Amazon Web Services (AWS), Google Cloud Platform (GCP) and Telegram API tokens were the most frequently leaked. At the same time, the figures showed that AWS developers had revoked 53% of all inactive tokens, while GCP developers had revoked only 27%.
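The following is an added example of the scanning approach described above (it is not JFrog's tool and makes no claim about how their product works): it walks every published version of a package, matches the three token families the article names, drops obvious documentation placeholders, and reports which versions each token appeared in. The token patterns, the placeholder markers and the sample package history are assumptions constructed for the example; none of the tokens are real.

```python
import re

# Assumed token shapes for the three most-leaked families named in the article.
# These are illustrative regexes, not an exhaustive or vendor-published rule set.
PATTERNS = {
    "aws_access_key_id": re.compile(r"(?<!\w)AKIA[0-9A-Z]{16}(?!\w)"),
    "gcp_api_key": re.compile(r"(?<!\w)AIza[0-9A-Za-z_-]{35}(?!\w)"),
    "telegram_bot_token": re.compile(r"(?<!\w)\d{8,10}:[A-Za-z0-9_-]{35}(?!\w)"),
}

# Markers that usually indicate a documentation placeholder rather than a live key.
PLACEHOLDER_MARKERS = ("EXAMPLE", "XXXX", "CHANGEME", "YOUR_")


def find_secrets(text):
    """Return (kind, token) pairs for every pattern match in `text`."""
    hits = []
    for kind, pattern in PATTERNS.items():
        for match in pattern.finditer(text):
            hits.append((kind, match.group(0)))
    return hits


def is_placeholder(token):
    """Cheap false-positive filter: documented sample keys and obvious fillers."""
    upper = token.upper()
    return any(marker in upper for marker in PLACEHOLDER_MARKERS)


def redact(token):
    """Show only enough of a token to identify it in a disclosure report."""
    return token[:4] + "..." + token[-4:]


def scan_package_history(versions):
    """Scan every published version of one package.

    `versions` maps version string -> {file path: file text}, in publish order
    (assumption: the dict is built oldest first). Each finding lists the
    versions the token appeared in and whether it is still in the latest one.
    A token that was removed is not safe: old versions stay downloadable from
    the registry, so the token must be revoked, not just deleted from source.
    """
    seen = {}
    for version, files in versions.items():
        for text in files.values():
            for kind, token in find_secrets(text):
                if is_placeholder(token):
                    continue
                seen.setdefault((kind, token), [])
                if version not in seen[(kind, token)]:
                    seen[(kind, token)].append(version)

    latest = list(versions)[-1]
    findings = []
    for (kind, token), vers in sorted(seen.items()):
        findings.append({
            "kind": kind,
            "token": redact(token),
            "versions": vers,
            "status": "present_in_latest" if latest in vers else "removed_but_published",
            "needs_revocation": True,
        })
    return findings


# Constructed sample history of a hypothetical npm package (three versions).
# The AWS key in the README is the documented AWS sample key and is a placeholder;
# the other tokens are made up and have never been valid anywhere.
SAMPLE_PACKAGE_VERSIONS = {
    "1.0.0": {
        "lib/config.js": 'const aws = { accessKeyId: "AKIAQWERTYUIOPASDFGH" };\n',
        "README.md": "Use AKIAIOSFODNN7EXAMPLE as a placeholder.\n",
    },
    "1.0.1": {
        "lib/config.js": 'const aws = { accessKeyId: "AKIAQWERTYUIOPASDFGH" };\n'
                         'const bot = "123456789:AAHfiqksKZ8WmR2zSjiQ7_v4TMAKdiHm9T0";\n',
        "README.md": "Use AKIAIOSFODNN7EXAMPLE as a placeholder.\n",
    },
    "1.1.0": {
        "lib/config.js": 'const aws = { accessKeyId: process.env.AWS_ACCESS_KEY_ID };\n'
                         'const bot = process.env.BOT_TOKEN;\n'
                         'const maps = "AIzaSyD_ConstructedSampleKeyForTests123";\n',
        "README.md": "Credentials come from the environment.\n",
    },
}

if __name__ == "__main__":
    for finding in scan_package_history(SAMPLE_PACKAGE_VERSIONS):
        print(finding)
```

Run against the sample, the scanner reports the AWS key and Telegram token as removed but still published (they sit in versions 1.0.0 and 1.0.1, which anyone can still download) and the GCP key as present in the latest version; the AWS sample key from the README is dropped as a placeholder. Pattern matching only establishes that something looks like a token; confirming it is active requires a harmless authenticated call to the respective provider, which this offline example deliberately does not make.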

"Although the initial intention of their research was to find and fix false positives, the research team discovered far more active secrets than expected, which prompted the in-depth analysis," JFrog wrote in a report shared with Infosecurity.

"To complete the research, the team privately disclosed all leaked secrets to their respective code owners (ones that could be identified), giving them a chance to replace or revoke the secrets as needed."

As for what kinds of secrets had been exposed, JFrog said the list included plaintext API keys, credentials, expired certificates and passwords.

More details about the API tokens exposed by JFrog can be found on the company's blog. The technical write-up comes months after CloudSEK found that more than 3,200 mobile applications were leaking Twitter API keys.

For more information on how to protect applications against API attacks, you can watch this recent webinar by Jonathan Care from Lionfish Tech Advisors.


Some parts of this article are sourced from:
www.infosecurity-magazine.com
