Grafana:调查发现近期的安全事件未影响客户生产系统和运营
ChainCatcher 消息,开源数据可视化工具 Grafana 发布对 5 月 16 日的安全事件调查的最新进展,调查发现,此次事件仅限于 Grafana Labs 的 GitHub 环境,包括公开和私有源代码以及内部 GitHub 仓库,并未影响客户生产系统、运营或 Grafana Cloud 平台。下载的内容除源代码外,还包含部分团队用于协作和存储内部运营信息及业务细节的仓库,涉及业务联系姓名和邮箱地址,而非来自生产系统或云平台的数据。
Grafana Labs 明确表示代码库被下载但未被篡改,目前客户和开源用户无需采取任何行动。该事件源于通过 Mini Shai-Hulud 运动进行的 TanStack npm 供应链攻击。Grafana Labs 于 5 月 11 日检测到恶意活动并启动应急响应,但因遗漏一个凭证导致攻击者获得访问权限。5 月 16 日收到赎金要求后,公司决定不支付赎金,并已轮换自动化凭证、实施增强监控、审计自 5 月 11 日以来的所有提交,并大幅强化了 GitHub 安全配置。公司已通知联邦执法部门,调查仍在进行中。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•1s agoFederal Reserve meeting minutes: It may be necessary to maintain the current policy stance longer than expected
Blockbeats•1s agoOpenAI即将提交IPO申请
Blockbeats•1s agoThe custom on-chain stablecoin USDF on Solana has been launched
Blockbeats•1s agoThe US-Iran agreement text entered its final polishing phase, US stocks surged, and spot gold and silver prices rose
Blockbeats•1s agoPerp DEX Variational完成5000万美元A轮融资,Dragonfly Capital领投
Blockbeats•1s agoMorgan Stanley has submitted revised filing documents for Solana spot ETFs
ChainCatcher•12m agoThe Fed minutes showed that almost all participants supported keeping interest rates unchanged
ChainCatcher•13m agoFederal Reserve meeting minutes show a slightly stronger economic outlook
ChainCatcher•15m agoThe minutes of the Fed meeting showed that some participants were worried about the solidification of inflationary pressures
币界网•1h agoTrump: A more violent blow to Iran is possible