EmeraldWhale's Massive Git Breach Highlights Config Gaps
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
Stay updated with the latest trends and security protocols in cloud computing. Navigate the evolving landscape of Cloud Information Security with us.
Search across headline titles and summaries.
Background for this topic.
Cloud computing involves delivering computing services—such as storage, processing, and networking—over the internet using remote data centers. This model enables organizations to scale resources dynamically without owning physical infrastructure. In security terms, the cloud environment is defined by multi-tenant infrastructure where multiple customers share hardware and software resources managed by a cloud provider.
Key security concerns include controlling access through strong identity and access management (IAM), protecting data with encryption both at rest and in transit, and managing vulnerabilities in shared infrastructure components. The cloud’s shared responsibility model requires customers to secure their applications and data while providers secure the underlying platform. Misconfigurations, weak access controls, and insufficient monitoring can expose cloud assets to unauthorized access or data leakage, making precise configuration and continuous security assessment essential.
The large-scale operation took advantage of open repositories, hardcoded credentials in source code, and other cloud oversights.
Cybersecurity researchers have flagged a "massive" campaign that targets exposed Git configurations to siphon credentials, clone private repositories, and even extract cloud credentials from the source code
Did you know that advanced threat actors can infiltrate the identity systems of major organizations and extract sensitive data within days? It’s a chilling reality, becoming more common and concerning by the day
Emeraldwhale gang looked sharp – until it made a common S3 bucket mistake A criminal operation dubbed Emeraldwhale has been discovered after it dumped more than 15,000 credentials belonging to cloud service and email providers in an open AWS S3 bucket, according to security researchers.…
EMERALDWHALE breach allowed access to over 10,000 repositories and resulted in the theft of more than 15,000 cloud service credentials
A global large-scale dubbed "EmeraldWhale" exploited misconfigured Git configuration files to steal over 15,000 cloud account credentials from thousands of private repositories. [...]
Normalyze’s AI-Powered DSPM Technology Boosts Proofpoint’s Data Visibility, ControlProofpoint will acquire DSPM startup Normalyze to strengthen its data security offerings across cloud, SaaS and hybrid environments. The company aims to give security teams enhanced visibility, control and human-centric risk reduction for sensitive data across complex infrastructures.
A professional-grade tool set, appropriately dubbed "CloudScout," is infiltrating cloud apps like Microsoft Outlook and Google Drive, targeting sensitive info for exfiltration.
A government entity and a religious organization in Taiwan were the target of a China-linked threat actor known as Evasive Panda that infected them with a previously undocumented post-compromise toolset codenamed CloudScout
Evasive Panda’s CloudScout uses MgBot to steal session cookies, infiltrating cloud data in Taiwan