Grafana:调查发现近期的安全事件未影响客户生产系统和运营
ChainCatcher 消息,开源数据可视化工具 Grafana 发布对 5 月 16 日的安全事件调查的最新进展,调查发现,此次事件仅限于 Grafana Labs 的 GitHub 环境,包括公开和私有源代码以及内部 GitHub 仓库,并未影响客户生产系统、运营或 Grafana Cloud 平台。下载的内容除源代码外,还包含部分团队用于协作和存储内部运营信息及业务细节的仓库,涉及业务联系姓名和邮箱地址,而非来自生产系统或云平台的数据。
Grafana Labs 明确表示代码库被下载但未被篡改,目前客户和开源用户无需采取任何行动。该事件源于通过 Mini Shai-Hulud 运动进行的 TanStack npm 供应链攻击。Grafana Labs 于 5 月 11 日检测到恶意活动并启动应急响应,但因遗漏一个凭证导致攻击者获得访问权限。5 月 16 日收到赎金要求后,公司决定不支付赎金,并已轮换自动化凭证、实施增强监控、审计自 5 月 11 日以来的所有提交,并大幅强化了 GitHub 安全配置。公司已通知联邦执法部门,调查仍在进行中。
Disclaimer: OKX Orbit content is provided for informational purposes only. Learn more
Replies
Related Flash News
Odaily•12m agoIndia plans to send oil tankers to cross the Strait of Hormuz to restore energy imports to the Middle East
ChainCatcher•25m agoOKX will stop trading USDC in the USDT/USD(S) pair
Odaily•30m agoTwo addresses simultaneously opened 10x PEPE long positions, with a total position of $3.37 million
Odaily•32m agoAlibaba's Qianwen model Qwen 3.7-MaX was released
ChainCatcher•2h agoLighter completes the L2 escape mechanism verification, and users can still withdraw money to the mainnet when the sequencer fails
ChainCatcher•2h agoMultiple Bankr user wallets were stolen, involving Grok's interaction with Bankrbot resulting in unauthorized transaction signatures
币界网•2h agoWell-known trader Loracle: "HYPE Short Positions TOP 1": Well-known trader Loracle opened 874,155 new long positions of LIT on HyperLiquid
ChainCatcher•3h agoBank of England Deputy Governor: Tokenization can reduce costs, accelerate settlements, and promote competition
ChainCatcher•3h agoAI patent platform Stilta completed a $10.5 million seed round of financing, led by a16z
ChainCatcher•3h agoHuatai Securities: The Federal Reserve may raise interest rates twice next year