IT Security Newsletter

IT Security Newsletter - 6/13/2022

Written by Cadre | Mon, Jun 13, 2022

Credentials for thousands of open source projects free for the taking, again!

A service that helps open source developers write and test software is leaking thousands of authentication tokens and other security-sensitive secrets. Many of these leaks allow hackers to access the private accounts of developers on GitHub, Docker, AWS, and other code repositories, security experts said in a new report. The availability of the third-party developer credentials from Travis CI has been an ongoing problem since at least 2015.

String of attacks on French telecom infrastructure preceded April attack on fiber optic cables

French authorities believe the fiber optic cable cuts that disrupted Internet service across large swaths of France in April were likely the work of radical ecologists who oppose the digitalization of society, according to Kave Salamatian, a French academic who specializes in Internet resilience and who said he has been briefed on the investigation by colleagues at the National Cybersecurity Agency of France (ANSSI).

Hackers exploit recently patched Confluence bug for cryptomining

A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. The vulnerability, tracked as CVE-2022-26134, was discovered as an actively exploited zero-day at the end of May, while the vendor released a fix on June 3, 2022. Various proof of concept (PoC) exploits were released in the days that followed, giving a broader base of malicious actors an easy way to exploit the flaw for their purposes.

New Linux Malware 'Nearly Impossible to Detect'

A new malware variant attacking Linux systems that steals credentials and allows for remote access to victim machines camouflages itself so well that the researchers studying it say they can't conclude if it's being used in targeted or larger-scale attack campaigns. Security researchers from Intezer and BlackBerry's Research & Intelligence Team say the so-called Symbiote malware is unusual in that it's not a pure executable file.

You can be tracked via your Bluetooth signal, researchers claim

Boffins at the University of California San Diego have found a way to track individuals via Bluetooth. Researchers discovered that the Bluetooth signals emitted by mobile phones carry a unique fingerprint, caused by small imperfections accidentally created during the manufacturing process. The results of their real-world experiment around the UC San Diego campus are impressive.

Researcher Shows How Tesla Key Card Feature Can Be Abused to Steal Cars

A researcher has shown how a key card feature introduced by Tesla last year could be abused to add an unauthorized key that allows an attacker to open and start a vehicle. The research was conducted by Martin Herfurt, an Austria-based member of the Trifinite research group, which focuses on Bluetooth security. Herfurt's analysis targeted a change made by Tesla in August 2021 to key card access, removing the requirement for users to place the key card on the central console after using it to open the vehicle.

Vulnerabilities in HID Mercury Access Controllers Allow Hackers to Unlock Doors

Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited by hackers to remotely unlock doors. The vulnerabilities were discovered by researchers at XDR firm Trellix, which launched earlier this year following the merger of McAfee Enterprise and FireEye. Trellix said it received confirmation from HID Global that all OEM partners that use certain hardware controllers are affected.

How 4 Young Musicians Hacked Sheet Music to Help Fight the Cold War

Not all activists carry a picket sign. Some carry a soprano saxophone and a music notebook. "1985 was a really rough go of it for people who were human-rights activists," said Dr. Merryl Goldberg, music professor at California State University San Marcos, at a keynote at RSA Conference 2022 on Wednesday. "Dissidents, human rights activists, refuseniks, Helsinki Monitors had formed a musical group, to band together, literally." This was the Phantom Orchestra, which she would travel across the world to meet.

  • ...in 1966, Miranda rights are established by the Supreme Court, in their decision regarding Miranda v. Arizona.
  • ...in 1970, The Beatles release their last #1 single, "The Long and Winding Road" from the "Let It Be" album.
  • ...in 1971, the New York Times publishes The Pentagon Papers, revealing that the Vietnam War had been secretly expanded into Cambodia and Laos.
  • ...in 1991, the volcanic Mt. Pinatubo in the Philippines begins to erupt for the first time in over 500 years, causing evacuations of a 40 km area near Manila.