Security News
On Thursday, Check Point Research published a report outlining how an attacker could have exploited the bugs to access Atlassian's Jira: a proprietary bug-tracking and agile project management tool. CPR researchers said that with just one click, an attacker could have siphoned sensitive information out of Jira, such as "Security issues on Atlassian cloud, Bitbucket and on-premise products."
A security researcher claims he discovered a critical vulnerability in Apple's password reset feature that could have been used to take over any iCloud account, but Apple has downplayed the impact of the flaw. The issue, researcher Laxman Muthiyah says, was a bypass of the various security measures Apple has in place to prevent attempts to brute force the 'forgot password' functionality for Apple accounts.
A vulnerability in the Peloton Bike+ fitness machine that could have allowed a threat actor to gain complete control over the device, including its video camera and microphone, has been fixed. Peloton is the manufacturer of immensely popular fitness machines, including the Peloton Bike, Peloton Bike+, and the Peloton Tread. In a new report released by McAfee, researchers explain how they purchased a Peloton Bike+ to poke at the underlying Android operating system and see if they could find a way to compromise the device.
"Security teams today have to deal with a dizzying array of security tools from CASBs, PAMs, IGAs, CIEMs, SSPMs, and more, and they still lack insight and control over human and machine identities and permissions in cloud platforms and applications," said Art Poghosyan, CEO of Britive. Britive's Dynamic Permissioning Platform takes the complexity and time out of securing identities and permissions across multi-cloud environments, including AWS, Azure, GCP, Snowflake, Salesforce, ServiceNow and Oracle Cloud.
A veritable cornucopia of security vulnerabilities in the Exim mail server has been uncovered, some of which could be chained together for unauthenticated remote code execution, gaining root privileges and worm-style lateral movement, according to researchers. "Exim Mail Servers are used so widely and handle such a large volume of the internet's traffic that they are often a key target for hackers," Jogi said, noting that last year, a vulnerability in Exim was a target of the Russian advanced persistent threat known as Sandworm.
A critical security vulnerability in the VMware Carbon Black Cloud Workload appliance would allow privilege escalation and the ability to take over the administrative rights for the solution. The VMware Carbon Black Cloud Workload platform is designed to provide cybersecurity defense for virtual servers and workloads that are hosted on VMware's vSphere platform.
Activision, the company behind Call of Duty: Warzone, has issued a warning that a threat actor is taking out ads for cheat tools, which instead turn out to be remote-access trojan malware. The scam was first floated in March when a cyberattacker posted in hacking forums that they had a free, "Newbie-friendly" method for spreading a RAT: Convince victims the malware is a video game cheat, Activision said in its warning.
Acer sent out the same statement to multiple news outlets, refusing to confirm or deny the attack and only saying companies like it "are constantly under attack, and we have reported recent abnormal situations observed to the relevant law enforcement and data protection authorities in multiple countries." Bleeping Computer also reported that there are some indications showing the people behind REvil used a Microsoft Exchange server on Acer's domain, potentially making it one of the first times a ransomware group leveraged a heavily publicized vulnerability to complete an attack.
The fact that 3 in 4 companies have experienced malicious account takeover attacks highlights the need to track and secure identities as they move from on-prem to the cloud. Just one in three security professionals believe they could identify and stop an account takeover attack immediately; the majority expect to take days or even weeks to intercept such a breach.
A new report, developed by Aite Group, and underwritten by GIACT, uncovers the striking pervasiveness of identity theft perpetrated against U.S. consumers and tracks shifts in banking behaviors adopted as a result of the pandemic. According to the report, from 2019 to 2020, 47% of U.S. consumers surveyed experienced identity theft; 37% experienced application fraud.