Grafana:调查发现近期的安全事件未影响客户生产系统和运营
ChainCatcher 消息,开源数据可视化工具 Grafana 发布对 5 月 16 日的安全事件调查的最新进展,调查发现,此次事件仅限于 Grafana Labs 的 GitHub 环境,包括公开和私有源代码以及内部 GitHub 仓库,并未影响客户生产系统、运营或 Grafana Cloud 平台。下载的内容除源代码外,还包含部分团队用于协作和存储内部运营信息及业务细节的仓库,涉及业务联系姓名和邮箱地址,而非来自生产系统或云平台的数据。
Grafana Labs 明确表示代码库被下载但未被篡改,目前客户和开源用户无需采取任何行动。该事件源于通过 Mini Shai-Hulud 运动进行的 TanStack npm 供应链攻击。Grafana Labs 于 5 月 11 日检测到恶意活动并启动应急响应,但因遗漏一个凭证导致攻击者获得访问权限。5 月 16 日收到赎金要求后,公司决定不支付赎金,并已轮换自动化凭证、实施增强监控、审计自 5 月 11 日以来的所有提交,并大幅强化了 GitHub 安全配置。公司已通知联邦执法部门,调查仍在进行中。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Blockbeats•53m agoSouth Korea's KOSPI index surpassed 8,100 points, setting a new all-time high
Blockbeats•55m agoAnalysis: Net inflows into trading platforms and ETF outflows have created potential selling pressure on 34,000 BTC. If Bitcoin hits $80,000, spot buying will still be needed
ChainCatcher•1h agoKohaku, a subsidiary of the Ethereum Foundation, has released an SDK for wallet-level privacy integration
Blockbeats•1h agoHyperliquid announced the launch of off-chain event prediction market contracts
Blockbeats•1h agoOndo Finance创始人Nathan Allman意外离世,总裁Ian De Bode接任CEO
ChainCatcher•6h agoCatcher Predict:“Tampa Bay Rays vs. Baltimore Orioles” “Tampa Bay Rays vs. Baltimore Orioles” 胜率飙升 16%
TechFlow•9h agoA certain selling address transferred 35.13 million ESPORTS tokens for sale within nearly 3 hours
Blockbeats•9h agoUS media: The US and Iran are working to resolve their language differences on nuclear issues and sanctions
TechFlow•9h agoStocks in Japan and South Korea opened higher
Blockbeats•9h ago巨鲸nemorino.eth杠杆增持7,908.3枚ETH
