A service that helps open source developers write and test software is leaking thousands of authentication tokens and other security-sensitive secrets. Many of these leaks allow hackers to access the private accounts of developers on GitHub, Docker, AWS, and other code repositories, security experts said in a new report. The availability of the third-party developer credentials from Travis CI has been an ongoing problem since at least 2015.
French authorities believe the fiber optic cable cuts that disrupted Internet service across large swaths of France in April were likely the work of radical ecologists who oppose the digitalization of society, according to Kave Salamatian, a French academic who specializes in Internet resilience and who said he has been briefed on the investigation by colleagues at the National Cybersecurity Agency of France (ANSSI).
A cryptomining hacking group has been observed exploiting the recently disclosed remote code execution flaw in Atlassian Confluence servers to install miners on vulnerable servers. The vulnerability, tracked as CVE-2022-26134, was discovered as an actively exploited zero-day at the end of May, while the vendor released a fix on June 3, 2022. Various proof of concept (PoC) exploits were released in the days that followed, giving a broader base of malicious actors an easy way to exploit the flaw for their purposes.
A new malware variant attacking Linux systems that steals credentials and allows for remote access to victim machines camouflages itself so well that the researchers studying it say they can't conclude whether it's being used in targeted or larger-scale attack campaigns. Security researchers from Intezer and BlackBerry's Research & Intelligence Team say the so-called Symbiote malware is unusual in that it's not a pure executable file.
Boffins at the University of California San Diego have found a way to track individuals via Bluetooth. Researchers discovered that the Bluetooth signals emitted by mobile phones carry a unique fingerprint, caused by small imperfections accidentally created during the manufacturing process. The results of their real-world experiment around the UC San Diego campus are impressive.
A researcher has shown how a key card feature introduced by Tesla last year could be abused to add an unauthorized key that allows an attacker to open and start a vehicle. The research was conducted by Martin Herfurt, an Austria-based member of the Trifinite research group, which focuses on Bluetooth security. Herfurt's analysis targeted a change made by Tesla in August 2021 to key card access, removing the requirement for users to place the key card on the central console after using it to open the vehicle.
Access control products using HID Mercury controllers are affected by critical vulnerabilities that can be exploited by hackers to remotely unlock doors. The vulnerabilities were discovered by researchers at XDR firm Trellix, which launched earlier this year following the merger of McAfee Enterprise and FireEye. Trellix said it received confirmation from HID Global that all OEM partners that use certain hardware controllers are affected.
Not all activists carry a picket sign. Some carry a soprano saxophone and a music notebook. "1985 was a really rough go of it for people who were human-rights activists," said Dr. Merryl Goldberg, music professor at California State University San Marcos, at a keynote at RSA Conference 2022 on Wednesday. "Dissidents, human rights activists, refuseniks, Helsinki Monitors had formed a musical group, to band together, literally." This was the Phantom Orchestra, which she would travel across the world to meet.