Experts warn of ‘ticking bomb’ for supply chain attack
Experts from Aqua Security are calling for urgent attention to the public exposure of Kubernetes configuration secrets. According to their recent research, hundreds of source code projects and organizations are vulnerable to a "ticking supply chain bomb." Aqua analysts Yakir Kadkoda and Assaf Morag say they found Kubernetes secrets in public repositories that grant access to sensitive software development life cycle (SDLC) environments and pose a serious risk of supply chain attack.

The researchers used the GitHub API to retrieve all entries containing .dockerconfigjson and .dockercfg, the two Kubernetes secret formats that store credentials for container image registries. Those affected include two leading blockchain firms and various other Fortune 500 companies. Of the 438 records judged at risk of containing valid registry credentials, 203 (around 46%) did contain valid credentials. Of these, 93 pa...
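The .dockerconfigjson and .dockercfg formats named above are trivial to parse, which is exactly why they are so easy to harvest from public repositories: the Kubernetes Secret holds base64-encoded JSON, and each registry entry carries an `auth` field that is just base64 of `user:password`. The following is an added example (not Aqua's tooling and not code from the original article) that scans Kubernetes Secret manifests for both formats, decodes the embedded registry credentials, and flags obvious placeholders so a scanner can separate real leaks from template noise. Every manifest, registry hostname and credential in it is constructed for the example.

```python
"""Scan Kubernetes Secret manifests for embedded container-registry credentials.

Handles both secret types the research searched for:
  - kubernetes.io/dockerconfigjson  (data key ".dockerconfigjson", current format)
  - kubernetes.io/dockercfg         (data key ".dockercfg", legacy format)
"""
import base64
import json
import re
from typing import Dict, List, Optional, Tuple

DATA_KEYS = {".dockerconfigjson", ".dockercfg"}

# Values that are almost certainly template placeholders rather than live secrets.
PLACEHOLDER_RE = re.compile(
    r"^(\$\{.*\}|<.*>|changeme|replace[_-]?me|x{3,}|password|\*+)$", re.I
)


def _b64(text: str) -> str:
    return base64.b64encode(text.encode()).decode()


def _decode_auth(auth_b64: str) -> Optional[Tuple[str, str]]:
    """Decode an 'auth' field, which is base64("user:password"), into (user, password)."""
    try:
        raw = base64.b64decode(auth_b64, validate=True).decode("utf-8")
    except (ValueError, UnicodeDecodeError):
        return None
    if ":" not in raw:
        return None
    user, password = raw.split(":", 1)
    return user, password


def _registry_map(key: str, payload: dict) -> Dict[str, dict]:
    """Normalise both formats to {registry: entry}."""
    if key == ".dockerconfigjson":
        return payload.get("auths") or {}
    return payload  # legacy .dockercfg: registries are the top-level keys


def extract_registry_credentials(manifest: dict) -> List[dict]:
    """Return one finding per registry credential found in a Secret manifest."""
    findings: List[dict] = []
    if manifest.get("kind") != "Secret":
        return findings
    name = (manifest.get("metadata") or {}).get("name", "<unnamed>")
    # 'data' is base64-encoded; 'stringData' is plain text. Both appear in the wild.
    for section, is_b64 in (("data", True), ("stringData", False)):
        for key, value in (manifest.get(section) or {}).items():
            if key not in DATA_KEYS:
                continue
            try:
                blob = base64.b64decode(value, validate=True) if is_b64 else value.encode()
                payload = json.loads(blob)
            except (ValueError, UnicodeDecodeError):
                continue  # not valid JSON in this slot; skip rather than crash the scan
            for registry, entry in _registry_map(key, payload).items():
                creds = None
                if isinstance(entry, dict):
                    if "auth" in entry:
                        creds = _decode_auth(entry["auth"])
                    elif "username" in entry and "password" in entry:
                        creds = (entry["username"], entry["password"])
                if creds is None:
                    continue
                user, password = creds
                findings.append({
                    "secret": name,
                    "format": key,
                    "registry": registry,
                    "username": user,
                    # Never log the full password; a prefix is enough to triage.
                    "password_preview": password[:2] + "*" * max(len(password) - 2, 0),
                    "placeholder": bool(PLACEHOLDER_RE.match(password)),
                })
    return findings


# Constructed samples (fake hosts and credentials) in the shape of leaked manifests.
SAMPLE_DOCKERCONFIGJSON_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockerconfigjson",
    "metadata": {"name": "regcred", "namespace": "ci"},
    "data": {".dockerconfigjson": _b64(json.dumps({
        "auths": {"registry.example.internal:5000": {"auth": _b64("ci-bot:s3cr3t-token")}}
    }))},
}
SAMPLE_DOCKERCFG_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "kubernetes.io/dockercfg",
    "metadata": {"name": "legacy-regcred"},
    "data": {".dockercfg": _b64(json.dumps({
        "https://index.docker.io/v1/": {"auth": _b64("deploy:<password>"), "email": "deploy@example.com"}
    }))},
}
SAMPLE_OPAQUE_SECRET = {
    "apiVersion": "v1", "kind": "Secret", "type": "Opaque",
    "metadata": {"name": "unrelated"}, "data": {"api-key": _b64("not-a-registry-cred")},
}


def scan_manifests(manifests: List[dict]) -> List[dict]:
    return [f for m in manifests for f in extract_registry_credentials(m)]


if __name__ == "__main__":
    for finding in scan_manifests([SAMPLE_DOCKERCONFIGJSON_SECRET, SAMPLE_DOCKERCFG_SECRET, SAMPLE_OPAQUE_SECRET]):
        print(finding)
```

The scanner deliberately stops at extraction: confirming that a credential is live (the step behind the 46% figure above) means authenticating to the registry's `/v2/` endpoint, which you should only do against registries you are authorised to test. Note too that base64 in a Secret's `data` block is encoding, not encryption; anyone who can read the manifest can read the password.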