Security News
AWS fixed three authentication bugs present in one line of code in its IAM Authenticator for Kubernetes, used by the cloud giant's popular managed Kubernetes service Amazon EKS, that could allow an attacker to escalate privileges within a Kubernetes cluster. Amazon updated all EKS clusters worldwide as of June 28, and the new version of the AWS IAM Authenticator for Kubernetes fixes the flaw.
Sonatype researchers have discovered Python packages that contain malicious code that peek into and expose secret AWS credentials, network interface information, and environment variables. All those credentials and metadata then get uploaded to one or more endpoints, and anyone on the web can see this.
Researchers have discovered a number of malicious Python packages in the official third-party software repository that are engineered to exfiltrate AWS credentials and environment variables to a publicly exposed endpoint. The list of packages includes loglib-modules, pyg-modules, pygrata, pygrata-utils, and hkg-sol-utils, according to Sonatype security researcher Ax Sharma.
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.
Multiple malicious Python packages available on the PyPI repository were caught stealing sensitive information like AWS credentials and transmitting it to publicly exposed endpoints accessible by anyone. PyPI is a repository of open-source packages that software developers use to pick the building blocks of their Python-based projects or share their work with the community.
The conviction follows the infamous 2019 hack of Capital One in which personal information of more than 100 million US and Canadian credit card applicants were swiped from the financial giant's misconfigured cloud-based storage. The data was submitted by credit card hopefuls between 2005 and early 2019, and Thompson was able to get into Capital One's AWS storage thanks to a "Misconfigured web application firewall."
For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that "Tens of thousands of user tokens" are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.
Two trojanized Python and PHP packages have been uncovered in what's yet another instance of a software supply chain attack targeting the open source ecosystem. One of the packages in question is "Ctx," a Python module available in the PyPi repository.
A keen-eyed researcher at SANS recently wrote about a new and rather specific sort of supply chain attack against open-source software modules in Python and PHP. Following on-line discussions about a suspicious public Python module, Yee Ching Tok noted that a package called ctx in the popular PyPi repository had suddenly received an "Update", despite not otherwise being touched since late 2014. In theory, of course, there's nothing wrong with old packages suddenly coming back to life.
The hacker behind this hijack has now broken silence and explained his reasons to BleepingComputer. The hijacker of these libraries is an Istanbul-based security researcher, Yunus Aydın aka SockPuppets, who has attested to the fact when approached by BleepingComputer.