Cyber Security Today, Nov. 1, 2023 – Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more

Atlassian warns admins to patch Confluence servers, GitHub is being raided for AWS credentials and more.

Welcome to Cyber Security Today. It’s Wednesday, November 1st, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for and in the U.S.

Atlassian has discovered another major vulnerability in its Confluence Data Centre and Server products. Administrators need to patch their servers immediately to close this improper authorization hole. It’s serious enough that the company’s chief information security officer posted a note urging fast action. All versions of Confluence Data Centre and Confluence Server are affected.

More news on the hack of MOVEit servers: The Clop/Cl0p ransomware gang infiltrated the MOVEit server of a data processing company used by the U.S. Justice and Defence departments. What it got were the email addresses of 632,000 federal employees. That’s according to Bloomberg News, which got access to a government report through a Freedom of Information request. The company was Westat Inc, which Washington uses to process surveys federal employees are asked to fill out.

Threat actors are getting craftier in the ways they sneak malware into open-source repositories of code. They are targeting repositories like NPM, PyPI and others hoping developers will download infected code for their apps. Then the malware will spread as the apps get sold or downloaded to users. The most recent information on hackers’ tactics comes from a report this week by ReversingLabs into malware that gets into the NuGet repository. Instead of putting the malware in PowerShell scripts it’s being hidden in a file in the ‘build’ directory to avoid detection. This exploits an integration feature in NuGet. Open-source code repositories have to keep better tabs on what’s being placed on their platforms. And developers need to carefully scan any code they download for suspicious activity before putting it in their apps.
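An added example, not from ReversingLabs or the original post: a Python check that opens a .nupkg (a zip archive) and reports MSBuild `.targets`/`.props` files in the package's build folders that contain elements able to run commands or inline code during a build. The list of flagged elements is a heuristic chosen here, and the sample package is constructed for illustration.

```python
import io
import zipfile
import xml.etree.ElementTree as ET

# Folders whose <id>.props/.targets files NuGet imports into the consuming project.
BUILD_DIRS = ("build/", "buildtransitive/", "buildmultitargeting/")
# Heuristic (assumption): MSBuild elements that can run commands or inline code.
RISKY = {"Exec", "UsingTask", "Code"}


def scan_nupkg(data: bytes):
    """Return sorted (path, element) findings for MSBuild files in build folders."""
    findings = set()
    with zipfile.ZipFile(io.BytesIO(data)) as pkg:
        for name in pkg.namelist():
            low = name.lower()
            if not low.startswith(BUILD_DIRS):
                continue
            if not low.endswith((".targets", ".props")):
                continue
            try:
                root = ET.fromstring(pkg.read(name))
            except ET.ParseError:
                # A build file that does not parse deserves a manual look.
                findings.add((name, "unparseable-xml"))
                continue
            for el in root.iter():
                tag = el.tag.rsplit("}", 1)[-1]  # drop any XML namespace prefix
                if tag in RISKY:
                    findings.add((name, tag))
    return sorted(findings)


def build_sample() -> bytes:
    """Constructed package: one build-time .targets file that runs a harmless echo."""
    targets = (
        '<Project><Target Name="Hello" BeforeTargets="Build">'
        '<Exec Command="echo constructed-sample" /></Target></Project>'
    )
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Example.Pkg.nuspec", "<package/>")
        z.writestr("lib/net6.0/Example.Pkg.dll", b"\x00")
        z.writestr("build/Example.Pkg.targets", targets)
        z.writestr("build/Example.Pkg.props", "<Project><PropertyGroup/></Project>")
    return buf.getvalue()


if __name__ == "__main__":
    for path, element in scan_nupkg(build_sample()):
        print(f"{path}: contains <{element}>")
```

A hit is a prompt for manual review, not proof of malice, since legitimate packages also ship build targets. When scanning untrusted packages in bulk, a hardened XML parser such as defusedxml is the safer choice.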

Application developers who use the GitHub platform for development are being warned — again — not to leave their identity and access management credentials in their code. This comes after a report this week that a threat actor has automated a way of stealing exposed Amazon AWS access credentials left in public GitHub repositories. According to researchers at Palo Alto Networks, this hacker can steal open credentials within five minutes of their appearing on GitHub. This operation has been going for at least two years.
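An added example, not from Palo Alto Networks or the original post: a Python check a developer could run over files before pushing, which flags AWS access key IDs and secret access keys and reports them redacted. The regular expressions, the file names and the `SAMPLE` input are assumptions constructed here; the key pair in the sample is the placeholder pair used in AWS documentation.

```python
import re

# Access key IDs: 20 upper-case alphanumerics starting AKIA (long-term) or ASIA (temporary).
KEY_ID = re.compile(r"(?<![A-Z0-9])((?:AKIA|ASIA)[A-Z0-9]{16})(?![A-Z0-9])")
# Secret access keys: 40 base64-style characters assigned to aws_secret_access_key.
SECRET = re.compile(
    r"(?i)aws_secret_access_key\s*[=:]\s*[\"']?([A-Za-z0-9/+=]{40})(?![A-Za-z0-9/+=])"
)
PATTERNS = (("access-key-id", KEY_ID), ("secret-access-key", SECRET))


def redact(value: str) -> str:
    """Keep the first and last four characters so a finding can be located, not reused."""
    return value[:4] + "*" * (len(value) - 8) + value[-4:]


def scan(files: dict) -> list:
    """Return (path, line_number, kind, redacted_value) for each credential found."""
    findings = []
    for path, text in sorted(files.items()):
        for number, line in enumerate(text.splitlines(), 1):
            for kind, pattern in PATTERNS:
                for match in pattern.finditer(line):
                    findings.append((path, number, kind, redact(match.group(1))))
    return findings


# Constructed sample input; the key pair is the AWS documentation placeholder.
SAMPLE = {
    "deploy/config.py": (
        'REGION = "us-east-1"\n'
        'AWS_ACCESS_KEY_ID = "AKIAIOSFODNN7EXAMPLE"\n'
        'AWS_SECRET_ACCESS_KEY = "wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY"\n'
    ),
    "README.md": "Set credentials via environment variables or an IAM role.\n",
}

if __name__ == "__main__":
    for path, number, kind, value in scan(SAMPLE):
        print(f"{path}:{number}: {kind} {value}")
```

A key that has already reached a public repository should be treated as compromised and rotated, since deleting the commit does not undo the exposure.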

Website developers and administrators have to constantly make sure their code hasn’t been compromised to allow the theft of data. But hackers can also use your website to distribute malicious ads. The latest example comes from researchers at Malwarebytes. A hacker wanted to distribute a compromised version of the PyCharm program used by app developers. To do it one hacker compromised the website of a wedding planner. Anyone doing a search for PyCharm would see several links, one of which led to the website of the wedding business. There they would be shown a Google ad for the bad copy of PyCharm. Clicking on that would download the malware and render the person’s computer useless. One lesson: Make sure the security around your website is tight. That includes protecting logins with multifactor authentication.

The G7 nations this week agreed on a code of conduct for developers creating advanced artificial intelligence systems. The hope is developers in these seven countries — including Canada and the U.S. — will follow the code until governments create firm regulations and laws for the creation of trustworthy AI systems. Developers are urged to identify and mitigate risks across the AI lifecycle through external tests and red-team attacks before applications are released. In addition, they are urged to mitigate vulnerabilities found after deployment.

Finally, China’s largest social media players, including WeChat, have told their most popular influencers to display their actual identities. Bloomberg News says it’s a major shift that tightens Beijing’s grip over the world’s largest internet arena. Users with at least half a million followers have to reveal their real names in online posts.

Follow Cyber Security Today on Apple Podcasts, Google Podcasts or add us to your Flash Briefing on your smart speaker.

The post Cyber Security Today, Nov. 1, 2023 – Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more first appeared on IT World Canada.
Howard Solomon
Currently a freelance writer, I'm the former editor of and Computing Canada. An IT journalist since 1997, I've written for and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times.