Grafana:调查发现近期的安全事件未影响客户生产系统和运营
ChainCatcher 消息,开源数据可视化工具 Grafana 发布对 5 月 16 日的安全事件调查的最新进展,调查发现,此次事件仅限于 Grafana Labs 的 GitHub 环境,包括公开和私有源代码以及内部 GitHub 仓库,并未影响客户生产系统、运营或 Grafana Cloud 平台。下载的内容除源代码外,还包含部分团队用于协作和存储内部运营信息及业务细节的仓库,涉及业务联系姓名和邮箱地址,而非来自生产系统或云平台的数据。
Grafana Labs 明确表示代码库被下载但未被篡改,目前客户和开源用户无需采取任何行动。该事件源于通过 Mini Shai-Hulud 运动进行的 TanStack npm 供应链攻击。Grafana Labs 于 5 月 11 日检测到恶意活动并启动应急响应,但因遗漏一个凭证导致攻击者获得访问权限。5 月 16 日收到赎金要求后,公司决定不支付赎金,并已轮换自动化凭证、实施增强监控、审计自 5 月 11 日以来的所有提交,并大幅强化了 GitHub 安全配置。公司已通知联邦执法部门,调查仍在进行中。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•1s ago"Fed Microphone": The discussion of interest rate cuts is almost over, and the Fed has begun to seriously discuss the possibility of raising interest rates
Blockbeats•1s agoFederal Reserve meeting minutes: It may be necessary to maintain the current policy stance longer than expected
Blockbeats•1s agoOpenAI即将提交IPO申请
Blockbeats•1s agoThe custom on-chain stablecoin USDF on Solana has been launched
Blockbeats•1s agoThe US-Iran agreement text entered its final polishing phase, US stocks surged, and spot gold and silver prices rose
Blockbeats•1s agoPerp DEX Variational完成5000万美元A轮融资,Dragonfly Capital领投
币界网•28m agoBetting long on BTC outperforms altcoins: ZEC short positions opened at 1,483.51 units
Blockbeats•46m agoMorgan Stanley has submitted revised filing documents for Solana spot ETFs
币界网•1h agoCryptoQuant: Bitcoin's current trend is similar to the 2022 bear market
币界网•1h agoSecuritize's Q1 revenue grew 39% year-on-year, hitting a record high