{"id":42564,"date":"2023-11-01T08:39:20","date_gmt":"2023-11-01T12:39:20","guid":{"rendered":"https:\/\/www.itworldcanada.com?p=551184"},"modified":"2023-11-01T08:39:20","modified_gmt":"2023-11-01T12:39:20","slug":"cyber-security-today-nov-1-2023-atlassian-warns-admins-to-patch-confluence-servers-github-being-raided-for-aws-credentials-and-more","status":"publish","type":"post","link":"https:\/\/technewsday.com\/staging\/cyber-security-today-nov-1-2023-atlassian-warns-admins-to-patch-confluence-servers-github-being-raided-for-aws-credentials-and-more\/","title":{"rendered":"Cyber Security Today, Nov 1. , 2023 \u2013 Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more"},"content":{"rendered":"<p>Atlassian warns admins to patch Confluence servers, GitHub is being raided for AWS credentials and more.<\/p>\n<p>Welcome to Cyber Security Today. It&#8217;s Wednesday, November 1st, 2023 I&#8217;m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.<\/p>\n<p><iframe style=\"border: none;\" title=\"Libsyn Player\" src=\"https:\/\/html5-player.libsyn.com\/embed\/episode\/id\/28478228\/height\/90\/theme\/custom\/thumbnail\/yes\/direction\/forward\/render-playlist\/no\/custom-color\/000000\/\" width=\"100%\" height=\"90\" scrolling=\"no\" allowfullscreen=\"allowfullscreen\"><\/iframe><\/p>\n<table style=\"width: 100%;\">\n<tbody>\n<tr>\n<td><a href=\"https:\/\/www.amazon.com\/ITWC-Cyber-Security-Today\/dp\/B07BRNG89P\/ref=sr_1_1?s=digital-skills&amp;ie=UTF8&amp;qid=1522688435\"  rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"aligncenter wp-image-396718 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-alexa-200.png\" alt=\"Cyb er Security Today on Amazon Alexa\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<td><a href=\"https:\/\/www.google.com\/podcasts?feed=aHR0cDovL2N5YmVyc2VjdXJpdHl0b2RheS5saWJzeW4uY29tL3Jzcw%3D%3D\"  rel=\"noopener noreferrer\"><img decoding=\"async\" class=\"thumbnail aligncenter wp-image-408712 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2018\/09\/sub-gp-200.png\" alt=\"Cyber Security Today on Google Podcasts\" width=\"200\" height=\"74\" \/><\/a><\/td>\n<td><a href=\"https:\/\/itunes.apple.com\/ca\/podcast\/cyber-security-today\/id1363182054\"  rel=\"noopener noreferrer\"><img loading=\"lazy\" decoding=\"async\" loading=\"lazy\" class=\"aligncenter wp-image-396720 size-full\" src=\"https:\/\/i.itworldcanada.com\/wp-content\/uploads\/2017\/09\/sub-itunes-200.png\" alt=\"Subscribe to Cyber Security Today on Apple Podcasts\" width=\"200\" height=\"74\" border=\"none\" \/><\/a><\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><strong>Atlassian has discovered<\/strong> another major vulnerability in its Confluence Data Centre and Server products. Administrators need to patch their servers immediately to close this improper authorization hole. It&#8217;s serious enough that the company&#8217;s chief information security officer <a href=\"https:\/\/confluence.atlassian.com\/security\/cve-2023-22518-improper-authorization-vulnerability-in-confluence-data-center-and-confluence-server-1311473907.html\"  rel=\"noopener\">posted a note urging fast action.<\/a> All versions of Confluence Data Centre and Confluence Server are affected.<\/p>\n<p><strong>More news<\/strong> on the hack of MOVEit servers: The Clop\/Cl0p ransomware gang infiltrated the MOVEit server of a data processing company used by the U.S. Justice and Defence departments. What it got were the email addresses of 632,000 federal employees. That&#8217;s <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2023-10-30\/hackers-accessed-632-000-email-addresses-at-defense-doj#xj4y7vzkg\"  rel=\"noopener\">according to Bloomberg News,<\/a> which got access to a government report through a Freedom of Information request. The company was Westat Inc, which Washington uses to process surveys federal employees are asked to fill out.<\/p>\n<p><strong>Threat actors are getting craftier<\/strong> in the ways they sneak malware into open-source repositories of code. They are targeting repositories like NPM, PyPI and others hoping developers will download infected code for their apps. Then the malware will spread as the apps get sold or downloaded to users. The most recent information on hackers&#8217; tactics comes <a href=\"https:\/\/www.reversinglabs.com\/blog\/iamreboot-malicious-nuget-packages-exploit-msbuild-loophole\"  rel=\"noopener\">from a report this week by ReversingLabs<\/a> into malware that gets into the NuGet repository. Instead of putting the malware in PowerShell scripts it&#8217;s being hidden in a file in the &#8216;build&#8217; directory to avoid detection. This exploits an integration feature in NuGet. Open-source code repositories have to keep better tabs on what&#8217;s being placed on their platforms. And developers need to carefully scan any code they download for suspicious activity before putting it in their apps.<\/p>\n<p><strong>Application developers<\/strong> who use the GitHub platform for development are being warned &#8212; again &#8212; not to leave their identity and access management credentials in their code. This comes after a report this week that a threat actor has automated a way of stealing exposed Amazon AWS access credentials left in public GitHub repositories. <a href=\"https:\/\/unit42.paloaltonetworks.com\/malicious-operations-of-exposed-iam-keys-cryptojacking\/?utm_source=securityweek\"  rel=\"noopener\">According to researchers at Palo Alto Networks<\/a> this hacker can steal open credentials within five minutes of appearing on GitHub. This operation has been going for at least two years.<\/p>\n<p><strong>Website developers and administrators<\/strong> have to constantly make sure their code hasn&#8217;t been compromised to allow the theft of data. But hackers can also use your website to distribute malicious ads. The latest example <a href=\"https:\/\/www.malwarebytes.com\/blog\/threat-intelligence\/2023\/10\/malvertising-via-dynamic-search-ads-delivers-malware-bonanza\"  rel=\"noopener\">comes from researchers at Malwarebytes<\/a>. A hacker wanted to distribute a compromised version of the PyCharm program used by app developers. To do it one hacker compromised the website of a wedding planner. Anyone doing a search for PyCharm would see several links, one of which led to the website of the wedding business. There they would be shown a Google ad for the bad copy of PyCharm. Clicking on that would download the malware and render the person&#8217;s computer useless. One lesson: Make sure the security around your website is tight. That includes protecting logins with multifactor authentication.<\/p>\n<p><strong>The G7 nations<\/strong> this week <a href=\"https:\/\/digital-strategy.ec.europa.eu\/en\/library\/hiroshima-process-international-code-conduct-advanced-ai-systems\"  rel=\"noopener\">agreed on a code of conduct<\/a> for developers creating advanced artificial intelligence systems. The hope is developers in these seven countries &#8212; including Canada and the U.S. &#8212; will follow the code until governments create firm regulations and laws for the creation of trustworthy AI systems. Developers are urged to identify and mitigate risks across the AI lifecycle through external tests and red-team attacks before applications are released. In addition, they are urged to mitigate vulnerabilities found after deployment.<\/p>\n<p><strong>Finally,<\/strong> China\u2019s largest social media players, including WeChat, have told their most popular influencers to display their actual identities. <a href=\"https:\/\/www.bloomberg.com\/news\/articles\/2023-10-31\/tencent-kuaishou-demand-real-names-in-china-internet-tightening?srnd=technology-vp\"  rel=\"noopener\">Bloomberg News says<\/a> it&#8217;s a major shift that tightens Beijing\u2019s grip over the world\u2019s largest internet arena. Users with at least half a million followers have to reveal their real names in online posts.<\/p>\n<p>Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.<\/p>\n<p>The post <a href=\"https:\/\/www.itworldcanada.com\/article\/cyber-security-today-nov-1-2023-atlassian-warns-admins-to-patch-confluence-servers-github-being-raided-for-aws-credentials-and-more\/551184\">Cyber Security Today, Nov 1. , 2023 \u2013 Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more<\/a> first appeared on <a href=\"https:\/\/www.itworldcanada.com\/\">IT World Canada<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>This episode reports on a huge third-party MOVEit hack impacting US government workers<\/p>\n","protected":false},"author":17,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[360,16],"tags":[389],"class_list":["post-42564","post","type-post","status-publish","format-standard","hentry","category-podcasts","category-security","tag-cyber-security-today"],"acf":[],"_links":{"self":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/42564","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/users\/17"}],"replies":[{"embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/comments?post=42564"}],"version-history":[{"count":3,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/42564\/revisions"}],"predecessor-version":[{"id":42650,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/posts\/42564\/revisions\/42650"}],"wp:attachment":[{"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/media?parent=42564"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/categories?post=42564"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/technewsday.com\/staging\/wp-json\/wp\/v2\/tags?post=42564"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}