Atlassian warns admins to patch Confluence servers, GitHub is being raided for AWS credentials and more.
Welcome to Cyber Security Today. It’s Wednesday, November 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.
Atlassian has discovered another major vulnerability in its Confluence Data Centre and Server products. Administrators need to patch their servers immediately to close this improper authorization hole. It’s serious enough that the company’s chief information security officer posted a note urging fast action. All versions of Confluence Data Centre and Confluence Server are affected.
More news on the hack of MOVEit servers: The Clop/Cl0p ransomware gang infiltrated the MOVEit server of a data processing company used by the U.S. Justice and Defence departments. What it got were the email addresses of 632,000 federal employees. That’s according to Bloomberg News, which got access to a government report through a Freedom of Information request. The company was Westat Inc, which Washington uses to process surveys federal employees are asked to fill out.
Threat actors are getting craftier in the ways they sneak malware into open-source code repositories. They are targeting repositories like NPM, PyPI and others, hoping developers will download infected code for their apps. Then the malware spreads as the apps are sold or downloaded by users. The most recent information on hackers’ tactics comes from a report this week by ReversingLabs into malware that gets into the NuGet repository. Instead of putting the malware in PowerShell scripts, it’s being hidden in a file in the ‘build’ directory to avoid detection. This exploits an integration feature in NuGet. Open-source code repositories have to keep better tabs on what’s being placed on their platforms. And developers need to carefully scan any code they download for suspicious activity before putting it in their apps.
Application developers who use the GitHub platform for development are being warned — again — not to leave their identity and access management credentials in their code. This comes after a report this week that a threat actor has automated a way of stealing exposed Amazon AWS access credentials left in public GitHub repositories. According to researchers at Palo Alto Networks, this hacker can steal exposed credentials within five minutes of their appearing on GitHub. This operation has been going on for at least two years.
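A five-minute window means the only reliable defence is to catch the credential before it is ever pushed. The following pre-commit style scanner is an added example, not code from the podcast or from Palo Alto Networks. It flags AWS access key IDs by their documented shape (a 20-character token beginning with AKIA or ASIA) and secret access keys only when they sit beside a telling configuration key name, to keep false positives down. The sample config it scans is constructed for this example and uses the placeholder key values AWS publishes in its own documentation, not live credentials.

```python
import re
import sys
from dataclasses import dataclass

# AWS access key IDs are 20 characters: a 4-letter prefix (AKIA for long-lived
# IAM user keys, ASIA for temporary STS keys) followed by 16 uppercase
# alphanumerics. The lookarounds stop the regex matching inside a longer token.
ACCESS_KEY_RE = re.compile(r"(?<![A-Z0-9])(AKIA|ASIA)[A-Z0-9]{16}(?![A-Z0-9])")

# Secret access keys are 40 base64-like characters. On their own they look like
# any other token, so only flag them when paired with an aws_secret_access_key
# style key name (case-insensitive, separators optional).
SECRET_KEY_RE = re.compile(
    r"(?i)aws[_-]?secret[_-]?access[_-]?key\s*[=:]\s*['\"]?"
    r"([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)


@dataclass(frozen=True)
class Finding:
    line_no: int
    kind: str
    redacted: str  # never echo the full secret back into a log or terminal


def redact(token: str) -> str:
    """Keep just enough of the token to locate it, never the whole value."""
    return token[:4] + "..." + token[-4:]


def find_aws_credentials(text: str) -> list[Finding]:
    """Scan text line by line and return every AWS credential-shaped match."""
    findings: list[Finding] = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in ACCESS_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "access_key_id", redact(m.group(0))))
        for m in SECRET_KEY_RE.finditer(line):
            findings.append(Finding(line_no, "secret_access_key", redact(m.group(1))))
    return findings


# Constructed sample of a credentials file that was accidentally staged for
# commit. The key values are the placeholder examples from AWS documentation.
SAMPLE_CONFIG = """\
# constructed sample: ~/.aws/credentials copied into the repo by mistake
[default]
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
aws_secret_access_key = wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
region = us-east-1
# Not a key: the AKIA prefix is embedded in a longer identifier
build_id = XAKIAIOSFODNN7EXAMPLEZ
"""


def scan_files(paths: list[str]) -> int:
    """Hook entry point: print redacted findings, return 1 if any were found."""
    found = 0
    for path in paths:
        with open(path, encoding="utf-8", errors="replace") as fh:
            for f in find_aws_credentials(fh.read()):
                print(f"{path}:{f.line_no}: possible AWS {f.kind} ({f.redacted})")
                found += 1
    return 1 if found else 0


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage as a git pre-commit hook: pass the staged file names as arguments.
        sys.exit(scan_files(sys.argv[1:]))
    for f in find_aws_credentials(SAMPLE_CONFIG):
        print(f"sample:{f.line_no}: possible AWS {f.kind} ({f.redacted})")
```

Run against the embedded sample it reports the access key on line 3 and the secret on line 4, and stays quiet on line 7, where the AKIA prefix appears inside a longer build identifier. Wiring it into a pre-commit hook so a non-zero exit blocks the commit is what turns the warning in this story into an enforced control; a key that never reaches a public repository cannot be harvested from one.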
Website developers and administrators have to constantly make sure their code hasn’t been compromised to allow the theft of data. But hackers can also use your website to distribute malicious ads. The latest example comes from researchers at Malwarebytes. A hacker wanted to distribute a compromised version of the PyCharm program used by app developers. To do it, the hacker compromised the website of a wedding planner. Anyone doing a search for PyCharm would see several links, one of which led to the website of the wedding business. There they would be shown a Google ad for the bad copy of PyCharm. Clicking on that would download the malware and render the person’s computer useless. One lesson: Make sure the security around your website is tight. That includes protecting logins with multifactor authentication.
The G7 nations this week agreed on a code of conduct for developers creating advanced artificial intelligence systems. The hope is developers in these seven countries — including Canada and the U.S. — will follow the code until governments create firm regulations and laws for the creation of trustworthy AI systems. Developers are urged to identify and mitigate risks across the AI lifecycle through external tests and red-team attacks before applications are released. In addition, they are urged to mitigate vulnerabilities found after deployment.
Finally, China’s largest social media players, including WeChat, have told their most popular influencers to display their actual identities. Bloomberg News says it’s a major shift that tightens Beijing’s grip over the world’s largest internet arena. Users with at least half a million followers have to reveal their real names in online posts.
Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.