A security researcher has warned that almost 400,000 websites are at risk from hacking and data theft via open .git repos and web security company High-Tech Bridge’s CEO Ilia Kolochenko commented.
Ilia Kolochenko, CEO at High-Tech Bridge:
“Many websites are vulnerable to similar misconfigurations, from default or bruteforceable passwords on FTP or admin panels, CMS reinstallation scripts, backups or a bit more recent problems like unprotected code repositories. Some of them are critical and can compromise the entire website and web server, others will just simplify or accelerate other attacks. Website owners are often busy with many things at once and consequentially forget about security, leaving pleasant surprises for the attackers. Maintaining your website software is up2date, using strong passwords, web server security hardening, strong SSL/TLS configuration and correctly implemented CSP are among the fundamental security precautions for every website owner.”