The FBI recently released an alert that hackers are targeting SonarQube, software designed to scan source code for vulnerabilities. Specifically, hackers are targeting insecure default instances that have not been locked down and still use the default username and password of admin/admin.
A search using Shodan reveals several thousand public-facing SonarQube instances, most of which are hosted on Amazon or Microsoft Azure.
The FBI recommends changing the default credentials as well as the default port. An additional recommendation I would make is to restrict SonarQube access to authorized IP address ranges only, or better yet, not to expose SonarQube to the public internet at all.
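As an added example (not part of the original article or the SonarQube project), the function below audits a `sonar.properties` file against the port and exposure recommendations above. It assumes the standard `sonar.web.port`, `sonar.web.host` and `sonar.forceAuthentication` keys and their out-of-the-box defaults; the sample files are constructed, and the default admin/admin password cannot be verified from configuration and must be changed separately.

```python
# Constructed sample of an out-of-the-box sonar.properties: '#' comments,
# key=value pairs, settings left commented out keep their defaults.
DEFAULT_PROPERTIES = """
# sonar.web.host=0.0.0.0
# sonar.web.port=9000
# sonar.forceAuthentication=false
"""

# Constructed hardened counterpart: non-default port, loopback bind behind a
# reverse proxy that enforces the IP allow-list, and authentication required.
HARDENED_PROPERTIES = """
sonar.web.host=127.0.0.1
sonar.web.port=9443
sonar.forceAuthentication=true
"""


def parse_properties(text):
    """Return the active key=value pairs; commented-out lines are ignored."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "!")):
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_sonarqube(text):
    """List hardening gaps relative to the recommendations in the article.

    Assumed defaults: port 9000, bind to all interfaces, authentication
    not forced (older SonarQube releases; newer ones force it by default).
    """
    props = parse_properties(text)
    findings = []
    if props.get("sonar.web.port", "9000") == "9000":
        findings.append("default port 9000 in use")
    if props.get("sonar.web.host", "0.0.0.0") == "0.0.0.0":
        findings.append("listening on all interfaces; reachable unless firewalled")
    if props.get("sonar.forceAuthentication", "false").lower() != "true":
        findings.append("anonymous access permitted; sonar.forceAuthentication is not true")
    return findings


if __name__ == "__main__":
    for name, text in (("default", DEFAULT_PROPERTIES), ("hardened", HARDENED_PROPERTIES)):
        print(name, audit_sonarqube(text) or ["no findings"])
```

Run it against your own `sonar.properties` (`audit_sonarqube(open(path).read())`) after changing the admin password; an empty result means the port, bind address and authentication settings match the recommendations.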
While it's wonderful to have more security tools available, be aware that hackers will also begin attacking those same security tools.
Ken Buckler is a Cyber Security professional. The opinions expressed in this article are his own, and do not reflect those of his employer or clients.