Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens
2022-06-15 20:13

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. The issue, previously reported in 2015 and 2019, is rooted in the fact that the API permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API."

New Hertzbleed Side Channel Attack Affects All Modern AMD and Intel CPUs
2022-06-15 20:12

A newly discovered security vulnerability in modern Intel and AMD processors could let remote attackers steal encryption keys via a power side channel attack. This can have significant security implications on cryptographic libraries even when implemented correctly as constant-time code to prevent timing-based side channels, effectively enabling an attacker to leverage the execution time variations to extract sensitive information such as cryptographic keys.

Panchan: A New Golang-based Peer-To-Peer Botnet Targeting Linux Servers
2022-06-15 20:12

A new Golang-based peer-to-peer botnet has been spotted actively targeting Linux servers in the education sector since its emergence in March 2022. Dubbed Panchan by Akamai Security Research, the malware "utilizes its built-in concurrency features to maximize spreadability and execute malware modules" and "harvests SSH keys to perform lateral movement."

Patch Tuesday: Microsoft Issues Fix for Actively Exploited 'Follina' Vulnerability
2022-06-15 20:10

Microsoft officially released fixes to address an actively exploited Windows zero-day vulnerability known as Follina as part of its Patch Tuesday updates. Tracked as CVE-2022-30190, the zero-day bug relates to a remote code execution vulnerability affecting the Windows Support Diagnostic Tool when it's invoked using the "ms-msdt:" URI protocol scheme from an application such as Word.

Heineken says there’s no free beer, warns of phishing scam
2022-06-15 19:24

There's no such thing as free beer for Father's Day - at least not from Heineken. "This is a scam and is not sanctioned by Heineken," the beermaker said in a tweet, adding it has alerted the UK's national fraud and cybercrime reporting agency.

Hackers exploit three-year-old Telerik flaws to deploy Cobalt Strike
2022-06-15 19:05

A threat actor known as 'Blue Mockingbird' targets Telerik UI vulnerabilities to compromise servers, install Cobalt Strike beacons, and mine Monero by hijacking system resources. The flaw leveraged by the attacker is CVE-2019-18935, a critical-severity deserialization flaw that leads to remote code execution in the Telerik UI library for ASP.NET AJAX. The same threat actor was seen targeting vulnerable Microsoft IIS servers that used Telerik UI in May 2020, by which time a year had passed since security updates were made available by the vendor.

Cisco Secure Email bug can let attackers bypass authentication
2022-06-15 18:24

Cisco notified customers this week to patch a critical vulnerability that could allow attackers to bypass authentication and log in to the web management interface of Cisco email gateway appliances with non-default configurations. The security flaw was found in the external authentication functionality of virtual and hardware Cisco Email Security Appliance and Cisco Secure Email and Web Manager appliances.

Follina gets fixed – but it’s not listed in the Patch Tuesday patches!
2022-06-15 18:20

A few hours ago, we recorded this week's Naked Security podcast, right on Patch Tuesday itself. We said as much in the podcast, and inferred, that Follina either wasn't really considered a bug, and therefore didn't get fixed, or was still in the process of getting some sort of fix that wasn't ready in time.

Zimbra bug allows stealing email logins with no user interaction
2022-06-15 18:01

Technical details have emerged on a high-severity vulnerability affecting certain versions of the Zimbra email solution that hackers could exploit to steal logins without authentication or user interaction. A fix has been published in Zimbra versions ZCS 9.0.0 Patch 24.1 and ZCS 8.8.15 Patch 31.1, available since May 10, 2022.

Extortion gang ransoms Shoprite, largest supermarket chain in Africa
2022-06-15 16:28

Shoprite Holdings, Africa's largest supermarket chain, which operates almost three thousand stores across twelve countries on the continent, has been hit by a ransomware attack. "Additional security measures to protect against further data loss were implemented by amending authentication processes and fraud prevention and detection strategies to protect customer data," mentions the firm's statement.