
Critical vulnerability for Mercedes-Benz: GitHub token exposure

Inadvertent exposure of a company token puts Mercedes-Benz's IT security to the test

Mercedes-Benz faced a data leak because an employee exposed a GitHub token, allowing access to important source code. The company responded by revoking the token and strengthening security measures.


Mercedes-Benz recently faced a significant vulnerability. RedHunt Labs, a cybersecurity firm, detected a publicly exposed GitHub token belonging to an employee of the German company. The token would have allowed full access to company resources stored on the GitHub server, including source code essential to the company, potentially resulting in massive disclosure of sensitive data.

Consequences of the compromised GitHub token

The public GitHub repository where the token was found contained, among other things, access keys for the Microsoft Azure and Amazon Web Services clouds and the code of the Postgres databases. The token had given open access to these resources since September 2023. Mercedes-Benz responded by immediately revoking the token and closing off the public repository to contain the potential damage and prevent the spread of valuable and confidential information.

The measures taken by Mercedes-Benz

Mercedes-Benz confirmed that the security gap was due to human error by one of its employees and that it has launched a rigorous internal investigation. The company stresses that data security is central and says it will introduce new cybersecurity policies and strategies to further harden its systems and prevent similar incidents in the future.

Security incidents in the automotive sector

The Mercedes-Benz case once again raises the issue of data security in the automotive sector. Similarly, Ferrari has recently faced security issues: customer data has been stolen and there have been ransom demands. However, Ferrari has rejected the claims and stated that there is no evidence of direct breaches of its internal systems, nor operational disruptions. Both incidents serve as a wake-up call for the industry, emphasizing the need for even more rigorous and proactive management of online information security.


01/31/2024 14:34

Marco Verro
