Global boutique consulting firm Credera was claimed to have been compromised in a cyberattack that exposed documents involving its high-profile clients, including AT&T, Mercedes-Benz, AstraZeneca, and Southwest Airlines, Cybernews reports.Allegedly pilfered in the cyber intrusion were Credera's confidential files, Terraform documents, internal customer files, SSL certificates, source code from Credera and its clients, hardcoded and SMTP credentials, private and public keys, API keys, SQL files, pipeline builds, GitHub projects, and internal projects, as well as correspondence between the consulting company and its clients.Analysis of the data samples posted by attackers revealed a confidential clinical trial file and a software development lifecycle strategy."Attackers could use exposed source code and software architecture to create more tailored vulnerability exploits. Hard-coded secrets such as authentication tokens could grant unauthorized access to companies' internal APIs," said Cybernews researchers, who also warned of potential internal API exploitation to leak customer and financial records, as well as intellectual property.
Related Events
Get daily email updates
SC Media's daily must-read of the most current and pressing daily news
Related Terms
Attack VectorYou can skip this ad in 5 seconds