The Secret Vulnerability Finance Execs are Missing
2023-02-23 12:32

Verizon, in its most recent Data Breach Investigations Report, revealed that finance is the single most targeted industry worldwide when it comes to basic web application attacks.

To enable the different code to get along, they use credentials - secret keys, tokens and so on.

Between October 31, 2017 and April 20, 2018, the NCSU researchers analyzed over two billion files from over four million GitHub repositories, representing around 13 percent of everything on the site.

In the 2021 calendar year alone, GitGuardian identified over six million secrets published to GitHub - about three for every 1,000 commits.

Over three-quarters leaked AWS tokens, enabling outside parties to access private cloud services, and nearly half leaked tokens that further enabled "full access to numerous, often millions, of private files."

Identification data is some of the most sensitive information apps possess, but this SDK leaked cloud credentials that "could expose private authentication data and keys belonging to every banking and financial app using the SDK." It didn't end there, since "users' biometric digital fingerprints used for authentication, along with users' personal data, were exposed in the cloud." In all, the five banking apps leaked over 300,000 of their users' biometric fingerprints.


News URL

https://thehackernews.com/2023/02/the-secret-vulnerability-finance-execs.html