AI DevwWrld CyberDSA Chatbot Summit Cyber Revolution Summit CYSEC Global Cyber Security & Cloud Expo World Series Digital Identity & Authentication Summit Asian Integrated Resort Expo Middle East Low Code No Code Summit TimeAI Summit

Critical vulnerability for Mercedes-Benz: GitHub token exposure

Inadvertent exposure of a company token puts Mercedes-Benz's IT security to the test

Mercedes-Benz faced a data leak because an employee exposed a GitHub token, allowing access to important source code. The company responded by revoking the token and strengthening security measures.

This pill is also available in Italian language

In shedding light on recent cybersecurity issues, it emerges that Mercedes-Benz faced a significant vulnerability. RedHunt Labs, operating in the cybersecurity sector, has detected a publicly exposed GitHub token, owned by an employee of the German company. The latter would have allowed full access to company resources encoded on the GitHub server, including essential source code for the company, potentially resulting in massive disclosure of sensitive data.

Consequences of the compromised GitHub token

The public GitHub repository where the token was found contained, among other things, access keys to the Microsoft Azure and Amazon Web Services cloud and the code of the Postgres databases. The token gave an open green light to these elements from September 2023. Mercedes-Benz seized the opportunity by immediately revoking the token and sealing the public repository to contain the potential damage and avoid the dissemination of valuable and confidential information.

The measures taken by Mercedes-Benz

Mercedes-Benz confirmed that the security gap was due to human error by one of its employees and that it has launched a rigorous internal investigation. The company underlines the centrality of data security, ensuring that it will intervene with new cybersecurity policies and strategies to further armor its systems and prevent similar incidents in the future.

Safety incidents in the automotive sector

The Mercedes-Benz case once again raises the issue of data security in the automotive sector. Similarly, Ferrari has recently faced security issues: customer data has been stolen and there have been ransom demands. However, Ferrari has rejected the claims and stated that there is no evidence of direct breaches of its internal systems, nor operational disruptions. Both incidents serve as a wake-up call for the industry, emphasizing the need for even more rigorous and proactive management of online information security.

Follow us on Twitter for more pills like this

01/31/2024 14:34

Marco Verro

Last pills

Italy's success in cybersecurityHow Italy achieved excellence in global cybersecurity: strategies, collaborations, and international successes

IntelBroker alleged breach of Deloitte systemsServer exposed: how Deloitte's security may have been compromised by a cyber attack

Vo1d infections on Android TV boxes: how to protect your devicesLearn the essential measures to protect your Android TV boxes from the dreaded Vo1d malware and keep your devices safe from cyber threats

Hacker attack in Lebanon: Hezbollah under fireTechnological shock and injuries: cyber warfare hits Hezbollah in Lebanon