AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Critical vulnerability for Mercedes-Benz: GitHub token exposure

Inadvertent exposure of a company token puts Mercedes-Benz's IT security to the test

Mercedes-Benz faced a data leak because an employee exposed a GitHub token, allowing access to important source code. The company responded by revoking the token and strengthening security measures.

This pill is also available in Italian language

In shedding light on recent cybersecurity issues, it emerges that Mercedes-Benz faced a significant vulnerability. RedHunt Labs, operating in the cybersecurity sector, has detected a publicly exposed GitHub token, owned by an employee of the German company. The latter would have allowed full access to company resources encoded on the GitHub server, including essential source code for the company, potentially resulting in massive disclosure of sensitive data.

Consequences of the compromised GitHub token

The public GitHub repository where the token was found contained, among other things, access keys to the Microsoft Azure and Amazon Web Services cloud and the code of the Postgres databases. The token gave an open green light to these elements from September 2023. Mercedes-Benz seized the opportunity by immediately revoking the token and sealing the public repository to contain the potential damage and avoid the dissemination of valuable and confidential information.

The measures taken by Mercedes-Benz

Mercedes-Benz confirmed that the security gap was due to human error by one of its employees and that it has launched a rigorous internal investigation. The company underlines the centrality of data security, ensuring that it will intervene with new cybersecurity policies and strategies to further armor its systems and prevent similar incidents in the future.

Safety incidents in the automotive sector

The Mercedes-Benz case once again raises the issue of data security in the automotive sector. Similarly, Ferrari has recently faced security issues: customer data has been stolen and there have been ransom demands. However, Ferrari has rejected the claims and stated that there is no evidence of direct breaches of its internal systems, nor operational disruptions. Both incidents serve as a wake-up call for the industry, emphasizing the need for even more rigorous and proactive management of online information security.

Follow us on Instagram for more pills like this

01/31/2024 14:34

Editorial AI

Last pills

Serious vulnerability discovered in Rabbit R1: all user data at riskVulnerability in Rabbit R1 exposes sensitive API keys. What are the privacy risks?

Cyber attack in Indonesia: the new Brain Cipher ransomware brings services to their kneesNew ransomware hits Indonesia: learn how Brain Cipher crippled essential services and the techniques used by hackers

Patelco Credit Union: security incident halts customer services in CaliforniaService disruption and customer frustration: Patelco Credit Union works to resolve security incident

Cyber attack on TeamViewer: immediate response and investigations underwayStrengthened security measures and international collaborations to counter the cyber threat