Security News

Cryptocurrency exchange Binance temporarily halted its blockchain network on Thursday in response to a cyberattack that led to the theft of two million BNB tokens, notionally exchangeable for $566 million in fiat currency. The shutdown, requiring the cooperation of 26 validators to close the decentralized system, occurred around 2200 UTC on October 6, as a result of the exploitation of the BSC Token Hub bridge, which connects the BNB Beacon Chain and the BNB Smart Chain so tokens from different blockchains can be exchanged.

Security analysts have found a severe security vulnerability in the desktop app for Microsoft Teams that gives threat actors access to authentication tokens and accounts with multi-factor authentication turned on. The newly discovered security issue impacts versions of the application for Windows, Linux, and Mac and refers to Microsoft Teams storing user authentication tokens in clear text without protecting access to them.

Cryptocurrency protocol Nomad describes itself as "An optimistic interoperability protocol that enables secure cross-chain communication," and promises that it's a "Security-first cross-chain messaging protocol." Some Twitterati are already using the word rugpull, a pejorative phrase in the cryptocoin world, used to imply that a cryptocurrency hack was some sort of inside job, enabled or carried out on purpose.

Theoretically, with exposed tokens, an attacker could've accessed users' personal data from a number of different Amazon apps - not just Photos but also, for example, Amazon Drive. To authenticate users across various apps within their ecosystem, like other software suite vendors, Amazon uses access tokens.

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. The issue, previously reported in 2015 and 2019, is rooted in the fact that the API permits access to historical logs in cleartext format, enabling a malicious party to even "Fetch the logs that were previously unavailable via the API.".

For a second time in less than a year, the Travis CI platform for software development and testing has exposed user data containing authentication tokens that could give access to developers' accounts on GitHub, Amazon Web Services, and Docker Hub. Researchers at Aqua Security discovered that "Tens of thousands of user tokens" are exposed through the Travis CI API that offer access to more than 770 million logs with various types of credentials belonging to free tier users.

Salesforce-owned subsidiary Heroku on Thursday acknowledged that the theft of GitHub integration OAuth tokens further involved unauthorized access to an internal customer database. As a consequence, Salesforce said it's resetting all Heroku user passwords and ensuring that potentially affected credentials are refreshed.

Cloud-based code hosting platform GitHub described the recent attack campaign involving the abuse of OAuth access tokens issued to Heroku and Travis-CI as "Highly targeted" in nature. "This pattern of behavior suggests the attacker was only listing organizations in order to identify accounts to selectively target for listing and downloading private repositories," GitHub's Mike Hanley said in an updated post.

GitHub revealed details tied to last week's incident where hackers, using stolen OAuth tokens, downloaded data from private repositories. "We do not believe the attacker obtained these tokens via a compromise of GitHub or its systems because the tokens in question are not stored by GitHub in their original, usable formats," said Mike Hanley, chief security officer, GitHub.

GitHub has shared a timeline of this month's security breach when a threat actor gained access to and stole private repositories belonging to dozens of organizations. The attacker used stolen OAuth app tokens issued to Heroku and Travis-CI to breach GitHub.com customer accounts with authorized Heroku or Travis CI OAuth app integrations.