non-twitter link https://xcancel.com/grafana/status/2055827123236171827#m
I wonder if this is related to the supply chain attack they talked about at GrafanaCon[1] or a fresh leak. If latter, wonder what they missed since it seemed like they got their detectors/scanners set up well. Curious to read the report on this.
[1] https://youtu.be/4D068lS85NY
Quote: “The attacker attempted to blackmail us, demanding payment to prevent the release of our codebase. ...we’ve determined the appropriate path forward is to not pay the ransom.”
Don't pay the Dane-geld: https://en.wikipedia.org/wiki/Dane-geld_(poem)
aren't they just psql tho? well, i guess we will find out soon.
Their whole repo had been made public !!!!
https://github.com/grafana/grafana
/s
This is worse than the Linux kernel source code leaks of April 1st.
I think they mean grafana cloud.
>We recently discovered that an unauthorized party obtained a token with access to the Grafana Labs GitHub environment, enabling the threat actor to download our codebase.
I don't much like the securityese dialect of bureaucratese, but doesn't it make more sense as "We recently discovered that a threat actor obtained a token with access to the Grafana Labs GitHub environment, enabling the unauthorized party to download our codebase"?
you can't just drop in buzzwords willy nilly, they buzz better in the right places.