June 22, 2022

Public Travis CI Logs (Still) Expose Users to Cyber Attacks

June 13, 2022

Researchers at Aqua Security released research detailing how tens of thousands of user tokens were exposed via the Travis CI API. Millions of logs can be accessed in clear text through an API call. Within these logs are credentials, developer secrets, and tokens from cloud providers, including AWS, Docker Hub, and GitHub. The exposure of this information could lead to account takeover, database access, privileged access to code repos, or use of the data for lateral movement within other services such as AWS S3.

Data Security Perspective: Users should regularly rotate credentials, keys, and tokens so that any that are stolen will not be of use. Additionally, users should not print these secrets to logs, since the report explains how they can be exposed inadvertently there. Finally, organizations should deploy a data security platform to help identify where their secrets are stored.

Turkish Based Airline’s Sensitive EFB Data Leaked

May 30, 2022

The Turkish airline Pegasus Airline had its Electronic Flight Bag (EFB) data exposed by an AWS S3 bucket left without password protection. The bucket, which contained almost 23 million files, included crew PII, source code, and sensitive flight information. The exposed data included flight charts and revisions, pre-flight checks, insurance documents, photos and signatures of staff, plaintext passwords, and AWS secret keys, among other files. Pegasus has since secured the bucket.

Data Security Perspective: More and more companies are facing large data exposures, frequently due to Amazon Web Services misconfigurations. In this instance, Pegasus left its AWS S3 bucket publicly accessible due to a lack of password protection and is facing fines as a result. S3 users should ensure their buckets are configured appropriately, especially by adding password protection. The Open Raven Data Security Platform and Magpie, our open-source CSPM, can alert users to misconfigurations and other security policy violations.

Related Magpie Rules: aws-storage-s3-bucket-default-lock-enabled | aws-storage-s3-bucket-level-public-access-prohibited | aws-iam-and-security-iam-attached-policies | aws-security-best-practices

SynLapse – Technical Details for Critical Azure Synapse Vulnerability

June 14, 2022

Researcher Tzah Pahima from Orca Security has discovered a vulnerability in Microsoft Azure. The vulnerability, named “SynLapse”, enables attackers to gain credentials, control other Synapse workspaces, execute code, and leak customer credentials outside of Azure. Exploiting a shell injection vulnerability leads to remote code execution in the Magnitude Simba Redshift ODBC driver that Microsoft’s software uses.

Data Security Perspective: Microsoft has since implemented the changes Orca recommended, including limited API usage and a sandboxed VM, mitigating the vulnerability. Microsoft also recommends that users of a Synapse workspace or Azure Data Factory run it with a managed virtual network to provide better isolation.

Shields Health Care Group Data Breach Affects 2 Million Patients

June 7, 2022

Shields Health Care Group, a Massachusetts-based medical company, has suffered a data breach. The breach, which occurred in March 2022, was caused by malicious actors gaining access to the company’s systems. As a result, the information of 2 million patients was accessed. This information included billing information, birth dates, home addresses, medical diagnoses, insurance numbers, and Social Security numbers, among other medical PII.

Data Security Perspective: Affected patients should be aware of attempts to use their personal information for fraudulent purposes. Organizations should ensure their services follow security policies to avoid unauthenticated access to data, especially sensitive data.

Other News

Symbiote Deep-Dive: Analysis of a New, Nearly-Impossible-to-Detect Linux Threat
Panchan’s Mining Rig: New Golang Peer-to-Peer Botnet Says “Hi!”
PyPI Package ‘keep’ Mistakenly Included A Password Stealer
Another 1.3M Patients Added To Data Breach Tally of Ransomware Attack on Eye Care Leaders
Data Breach At US Ambulance Billing Service Comstar Exposed Patients’ Healthcare Information

Cloud Security Bulletins

GCP