Ooreofeoluwa Koyejo says
https://thehackernews.com/2024/03/human-vs-non-human-identity-in-saas.html
Human vs. Non-Human Identity in SaaS
In SaaS applications such as Google Workspace (formerly G Suite), Calendly, and many others, both human and non-human identities have access to the applications, enabling a variety of permissions and actions on the applications.
While controls such as MFA and SSO are implemented on human accounts, some non-human accounts are not subjected to the same amount of authentication controls, monitoring and logging, which presents a blind spot potentially exploited by malicious hackers and attackers.
SaaS apps’ identity fabric exploits human users, service accounts, API keys, and more. Some risks associated with non-human attacks include one-time access and broad permissions. This makes them an attractive target for threat actors. By compromising any of these accounts, threat actors can gain access to applications undetected, leading to breaches, unauthorized modifications, or disruptions in service.
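The comment above lists the controls that non-human identities often miss (no MFA-equivalent, broad permissions, no rotation, no audit logging). The triage below is an added example written for this page, not code from the article or from any SaaS vendor: it scores a constructed identity inventory against those four gaps. The field names (kind, mfa, scopes, last_rotated_days, audit_logging) and the 90-day rotation limit are assumptions about what an export from an admin console would contain.

```python
"""Risk triage for SaaS identities, human vs. non-human.

Added example; the inventory below is constructed and the schema is an
assumption, not any vendor's export format.
"""
from dataclasses import dataclass

BROAD_SCOPES = {"admin", "*", "read_all", "write_all"}
MAX_KEY_AGE_DAYS = 90  # assumed rotation policy


@dataclass
class Identity:
    name: str
    kind: str               # "human", "service_account", "api_key", "oauth_app"
    mfa: bool               # MFA/SSO enforced (only meaningful for humans)
    scopes: set
    last_rotated_days: int  # days since the password or secret was last rotated
    audit_logging: bool     # are this identity's actions written to an audit log?


def assess(identity: Identity) -> list:
    """Return the findings for one identity (empty list means nothing to flag)."""
    findings = []
    non_human = identity.kind != "human"
    # Humans get MFA/SSO; non-human identities cannot, so the other gaps matter more.
    if not non_human and not identity.mfa:
        findings.append("human account without MFA/SSO")
    if identity.scopes & BROAD_SCOPES:
        findings.append("broad permissions")
    if identity.last_rotated_days > MAX_KEY_AGE_DAYS:
        findings.append(f"credential older than {MAX_KEY_AGE_DAYS} days")
    if not identity.audit_logging:
        findings.append("actions not audit-logged")
    # A non-human identity with two or more gaps has no compensating control left.
    if non_human and len(findings) >= 2:
        findings.append("non-human identity with no compensating controls")
    return findings


def triage(inventory):
    """Map identity name -> findings, only for identities that have findings."""
    result = {}
    for identity in inventory:
        findings = assess(identity)
        if findings:
            result[identity.name] = findings
    return result


# Constructed inventory for the demonstration
INVENTORY = [
    Identity("alice@example.com", "human", True, {"calendar.read"}, 20, True),
    Identity("bob@example.com", "human", False, {"drive.read"}, 400, True),
    Identity("ci-deploy-sa", "service_account", False, {"admin"}, 365, False),
    Identity("zapier-integration", "oauth_app", False, {"calendar.read"}, 30, True),
]

if __name__ == "__main__":
    for name, findings in triage(INVENTORY).items():
        print(name, "->", "; ".join(findings))
```

Running it flags the stale, over-privileged, unlogged service account first; the OAuth app with a narrow scope, recent rotation and logging produces no finding, which is the point of the check: the identity kind alone is not the risk, the missing controls are.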
Celinemary Turner says
https://thehackernews.com/2024/03/microsoft-confirms-russian-hackers.html
Microsoft Confirms Russian Hackers Stole Source Code, Some Customer Secrets
Microsoft on Friday revealed that the Kremlin-backed threat actor known as Midnight Blizzard (aka APT29 or Cozy Bear) managed to gain access to some of its source code repositories and internal systems following a hack that came to light in January 2024.
“In recent weeks, we have seen evidence that Midnight Blizzard is using information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access,” the tech giant said.
“This has included access to some of the company’s source code repositories and internal systems. To date we have found no evidence that Microsoft-hosted customer-facing systems have been compromised.”
It, however, did not disclose what these secrets were or the scale of the compromise, although it said it has directly reached out to impacted customers. It’s not clear what source code was accessed.
Stating that it has increased its security investments, Microsoft further noted that the adversary ramped up its password spray attacks by as much as 10-fold in February, compared to the “already large volume” observed in January.
The Microsoft breach is said to have taken place in November 2023, with Midnight Blizzard employing a password spray attack to successfully infiltrate a legacy, non-production test tenant account that did not have multi-factor authentication (MFA) enabled.
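The comment above describes the initial access as a password spray that landed on a legacy test tenant without MFA. The detector below is an added example for this page, not code from the article or from Microsoft: it runs the standard spray heuristic (one source, many distinct accounts, very few attempts each) over constructed sign-in log lines. The line format (timestamp, source IP, user, result) is an assumption; a real sign-in feed would need its own parser.

```python
"""Password-spray detection over sign-in logs.

Added example; the log lines are constructed and their format is an
assumption made for this demonstration.
"""
from collections import defaultdict

# Constructed sign-in log: one spraying source and one ordinary user retrying.
LOG = """\
2024-01-10T08:00:01Z 203.0.113.7 alice@corp.example FAIL
2024-01-10T08:00:03Z 203.0.113.7 bob@corp.example FAIL
2024-01-10T08:00:05Z 203.0.113.7 carol@corp.example FAIL
2024-01-10T08:00:07Z 203.0.113.7 dave@corp.example FAIL
2024-01-10T08:00:09Z 203.0.113.7 erin@corp.example FAIL
2024-01-10T08:00:11Z 203.0.113.7 legacy-test@corp.example SUCCESS
2024-01-10T08:05:00Z 198.51.100.4 alice@corp.example FAIL
2024-01-10T08:05:10Z 198.51.100.4 alice@corp.example FAIL
2024-01-10T08:05:20Z 198.51.100.4 alice@corp.example SUCCESS
"""


def parse(log_text):
    """Yield (timestamp, source_ip, user, result) tuples; skip malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) == 4:
            yield tuple(parts)


def detect_spray(events, min_distinct_users=5, max_attempts_per_user=2):
    """Flag sources that touch many accounts with few attempts per account.

    Brute force is the opposite shape (one account, many attempts) and is
    deliberately not matched here. Returns {source_ip: {"users": n,
    "successes": [users that logged in from that source]}}.
    """
    attempts = defaultdict(lambda: defaultdict(int))  # ip -> user -> count
    successes = defaultdict(list)
    for _ts, ip, user, result in events:
        attempts[ip][user] += 1
        if result == "SUCCESS":
            successes[ip].append(user)
    alerts = {}
    for ip, per_user in attempts.items():
        if len(per_user) >= min_distinct_users and max(per_user.values()) <= max_attempts_per_user:
            alerts[ip] = {"users": len(per_user), "successes": successes[ip]}
    return alerts


def run():
    """Return the alerts for the constructed log (used by the demo and the test)."""
    return detect_spray(parse(LOG))


if __name__ == "__main__":
    for ip, info in run().items():
        print(f"{ip}: {info['users']} accounts tried, successes: {info['successes']}")
```

The success against legacy-test@corp.example inside a flagged source is the signal worth paging on: a spray that lands on an account with no MFA is exactly the sequence the comment describes, and the "successes" list makes that account the first thing to disable and review.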
Bo Wang says
https://www.infosecurity-magazine.com/news/top-vulnerabilities-corporate-web/
A recent study by Kaspersky Security Assessment experts analyzed vulnerabilities in corporate web applications developed in-house between 2021 and 2023. They found numerous flaws, primarily in access control and data protection, with SQL injections being the most prevalent high-risk vulnerability. These vulnerabilities pose significant risks to organizations, potentially exposing sensitive data or allowing unauthorized access. Access control and data protection flaws accounted for 70% of examined applications, emphasizing the need for robust security measures. Weak user passwords were also a significant risk, with 78% of vulnerabilities categorized as high-risk falling into this category. The study’s findings align with the OWASP Top Ten rating categories, highlighting the importance of addressing these vulnerabilities to protect sensitive data and associated systems. To mitigate these risks, the Kaspersky team recommended implementing secure software development practices, conducting regular security assessments, and deploying monitoring mechanisms.
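The comment above names SQL injection as the most prevalent high-risk flaw in the study. The snippet below is an added example for this page, not code from the study or the article: it puts a string-built query next to its parameterized replacement over an in-memory SQLite table, so the difference in behaviour on the same untrusted input is visible. The table, rows and probe string are constructed.

```python
"""String-built query vs. parameterized query over an in-memory SQLite table.

Added example; the schema, rows and probe input are constructed for this
demonstration.
"""
import sqlite3


def setup():
    """Create a throwaway database with three constructed users."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, role TEXT)")
    conn.executemany(
        "INSERT INTO users (username, role) VALUES (?, ?)",
        [("alice", "admin"), ("bob", "user"), ("carol", "user")],
    )
    return conn


def find_user_vulnerable(conn, username):
    # Defect: untrusted input is concatenated into the SQL text, so the
    # database parses whatever the caller supplied as part of the query.
    sql = f"SELECT username FROM users WHERE username = '{username}'"
    return [row[0] for row in conn.execute(sql)]


def find_user_safe(conn, username):
    # Fix: the value is bound as a parameter and can never change the query's
    # structure; the same input is simply compared as a string.
    sql = "SELECT username FROM users WHERE username = ?"
    return [row[0] for row in conn.execute(sql, (username,))]


# Constructed input: the textbook tautology used in every injection tutorial.
PROBE = "x' OR '1'='1"


def demo():
    """Run both lookups on the probe and on a normal username."""
    conn = setup()
    return {
        "vulnerable": find_user_vulnerable(conn, PROBE),
        "safe": find_user_safe(conn, PROBE),
        "normal": find_user_safe(conn, "bob"),
    }


if __name__ == "__main__":
    for label, rows in demo().items():
        print(f"{label}: {rows}")
```

The vulnerable lookup returns every user because the tautology rewrites the WHERE clause; the parameterized lookup returns nothing because no username equals the literal probe string. Reviewing for f-strings or concatenation next to execute() calls is the cheapest way to find this class of defect in an in-house code base.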
Jon Stillwagon says
https://thehackernews.com/2024/03/watch-out-these-pypi-python-packages.html
Python packages that steal BIP39 mnemonic phrases, which are used for recovering private keys of someone’s cryptocurrency wallet. It continues to be one of the most popular targets for supply chain threat actors. One of the malicious packages is to avoid detection, and the packages steal mnemonic phrases to exfiltrate the information to an actor-controlled server. The threat actors are using GitHub as a conduit to distribute this malware to other people. A supply chain security firm references a GitHub profile HashSnake which has a repository called hcrypto to extract those mnemonic phrases from crypto wallets using the package hashdecrypts.
Yannick Rugamba says
The article discusses a cyber attack that affected US federal agencies, exploiting vulnerabilities in the file-transfer tool MOVEit. The attack, attributed to the Russian hacking group Clop, compromised approximately 632,000 government email addresses within the Departments of Defense and Justice. The Office of Personnel Management (OPM) reported the incident to a congressional committee, stating that the breached data was generally of low sensitivity and unclassified. Other affected agencies include the Department of Health and Human Services, the Department of Agriculture, and the General Services Administration. The parent company of MOVEit, Progress Software Corp., and the OPM’s vendor, Westat, have taken measures to mitigate the attack’s impact and enhance system security. Clop, active since 2019, has reportedly attacked more than 230 organizations to date.
https://www.cshub.com/attacks/articles/iotw-us-federal-agencies-hit-with-moveit-cyber-attack
Eyup Aslanbay says
U.S. health officials have urged insurance companies to implement measures to mitigate disruptions caused by a significant data hack at Change Healthcare, a UnitedHealth Group company. This hack affected the company’s operations, which process billions of health-related transactions annually. As a response, the Department of Health and Human Services has requested insurers to waive prior authorizations and accept paper claims, among other steps, to ease the impact on healthcare providers and patients. This cyberattack is part of a growing trend of health data breaches in the U.S.
https://www.usatoday.com/story/news/health/2024/03/05/unitedhealth-cyberattack-disrupts-records-billing-security/72849687007/
Edge Kroll says
https://www.securityweek.com/adobe-patches-critical-flaws-in-enterprise-products/
Adobe has released a significant set of security updates to address critical vulnerabilities in various enterprise-oriented products as part of its Patch Tuesday rollout. The updates cover code execution flaws in Adobe ColdFusion, Adobe Premiere Pro, Adobe Bridge, and Adobe Lightroom. A major update for Adobe Experience Manager addresses at least 46 vulnerabilities, posing risks of arbitrary code execution and security feature bypass. Adobe’s security incident response team emphasized a critical bug in Adobe ColdFusion, warning of potential arbitrary file system read exploitation.