Louisiana and Oregon warn that millions of driver’s licenses were exposed in a data breach after a ransomware gang hacked their MOVEit Transfer security file transfer systems to steal stored data. […]
BleepingComputer
The all in one place for non-profit security aid.
Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code
A critical security vulnerability has been discovered in Atlassian’s popular version control client, Sourcetree, affecting both Mac and Windows versions.
The flaw, identified as CVE-2024-21697, allows unauthenticated attackers to execute arbitrary code remotely, posing a significant risk to users.
The vulnerability, which carries a high severity rating with a CVSS score of 8.8, was introduced in Sourcetree for Mac version 4.2.8 and Sourcetree for Windows version 3.4.19.
This remote code execution (RCE) flaw has the potential to compromise the confidentiality, integrity, and availability of affected systems.
Security researchers have warned that successful exploitation of this vulnerability could grant attackers complete control over the targeted systems.
Atlassian, the company behind Sourcetree, has responded swiftly to the security threat. They have released patches to address the vulnerability and are strongly urging all users to update their software immediately.
The attack vector requires user interaction, but the specifics of how the vulnerability can be triggered have not been disclosed to prevent further exploitation.
The fixed versions are:
Users who are unable to upgrade to the latest versions are advised to update to these specific patched releases at a minimum.
This security issue is part of a larger set of vulnerabilities addressed in Atlassian’s November 2024 Security Bulletin. The bulletin includes details on 19 high-severity vulnerabilities that have been fixed across various Atlassian products.
The discovery of this vulnerability highlights the ongoing challenges in software security, particularly for widely-used development tools.
Atlassian has not reported any instances of this vulnerability being exploited in the wild. However, given the severity and potential impact of the flaw, users are strongly encouraged to take immediate action to protect their systems.
For those using Sourcetree in their development workflows, it is crucial to verify the version currently in use and update as soon as possible. Users can download the latest versions of Sourcetree for both Mac and Windows from the official Atlassian website.
Moreover, cybersecurity best practices should be followed, including keeping all software up to date, being cautious when interacting with unknown or suspicious content, and maintaining robust security measures across development environments.
The post Atlassian Sourcetree For Mac & Windows Flaw Let Attackers Execute Remote Code appeared first on Cyber Security News.
Google Chrome gets ‘Device Bound Session Credentials’ to stop cookie theft
Google has announced the introduction of Device Bound Session Credentials (DBSC) to secure Chrome users against cookie theft.
In January we reported how hackers found a way to gain unauthorized access to Google accounts, bypassing multi-factor authentication (MFA), by stealing authentication cookies with info-stealer malware. An authentication cookie is added to a web browser after a user proves who they are by logging in. It tells a website that a user has already logged in, so they aren’t asked for their username and password over and over again. A cybercriminal with an authentication cookie for a website doesn’t need a password, because the website thinks they’ve already logged in. It doesn’t even matter if the owner of the account changes their password.
At the time, Google said it would take action:
“We routinely upgrade our defenses against such techniques and to secure users who fall victim to malware. In this instance, Google has taken action to secure any compromised accounts detected.”
However, some info stealers reportedly updated their methods to counter Google’s fraud detection measures.
The idea that malware could steal authentication cookies and send them to a criminal did not sit well with Google. In its announcement it explains that, “because of the way cookies and operating systems interact, primarily on desktop operating systems, Chrome and other browsers cannot protect them against malware that has the same level of access as the browser itself.”
So it turned to another solution. And if the simplicity of the solution is any indication of its effectiveness, then this should be a good one.
It works by using cryptography to limit the use of an authentication cookie to the device that first created it. When a user visits a website and starts a session, the browser creates two cryptographic keys—one public, one private. The private key is stored on the device in a way that is hard to export, and the public key is given to the website. The website uses the public key to verify that the browser using the authentication cookie has the private key. In order to use a stolen cookie, a thief would also need to steal the private key, so the more robust the “hard to export” bit gets, the safer your cookies will be.
Google stated in its announcement that it thinks this will substantially reduce the success rate of cookie theft malware. This would force attackers to act locally on a device, which makes on-device detection and cleanup more effective, both for anti-malware software as well as for enterprise managed devices.
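The binding described above can be sketched as a challenge-response exchange. This is an added example, not code from Google or the DBSC project, and it does not reproduce the DBSC wire format; the `SessionServer` class, the function names and the use of an in-memory P-256 key are all assumptions made for illustration.

```javascript
// Added illustration: simplified device-bound session, not the DBSC wire format.
const crypto = require('node:crypto');

// Browser side: key pair created at session start. In a real browser the
// private key sits in hard-to-export storage; here it is an in-memory object.
function createDeviceKey() {
  return crypto.generateKeyPairSync('ec', { namedCurve: 'P-256' });
}

// Server side (hypothetical): maps cookie value -> registered public key.
class SessionServer {
  constructor() { this.sessions = new Map(); }

  // Called once at login: issue a cookie and bind it to the public key.
  startSession(publicKey) {
    const cookie = crypto.randomBytes(16).toString('hex');
    this.sessions.set(cookie, { publicKey, challenge: null });
    return cookie;
  }

  // Fresh random challenge, so a recorded signature cannot be replayed.
  issueChallenge(cookie) {
    const s = this.sessions.get(cookie);
    if (!s) return null;
    s.challenge = crypto.randomBytes(32);
    return s.challenge;
  }

  // Accept the cookie only with a valid signature over the pending challenge.
  verify(cookie, signature) {
    const s = this.sessions.get(cookie);
    if (!s || !s.challenge) return false;
    const challenge = s.challenge;
    s.challenge = null; // each challenge is single use
    return crypto.verify('sha256', challenge, s.publicKey, signature);
  }
}

// Browser side: prove possession of the private key.
function signChallenge(privateKey, challenge) {
  return crypto.sign('sha256', challenge, privateKey);
}

// Scenario: the original device passes; a holder of only the cookie fails.
function demo() {
  const server = new SessionServer();
  const device = createDeviceKey();
  const cookie = server.startSession(device.publicKey);
  const ok = server.verify(cookie, signChallenge(device.privateKey, server.issueChallenge(cookie)));
  const other = createDeviceKey(); // a different machine: has the cookie, not the device key
  const stolen = server.verify(cookie, signChallenge(other.privateKey, server.issueChallenge(cookie)));
  return { legitimate: ok, stolenCookie: stolen };
}
```

The cookie value alone never satisfies `verify`, which is why the strength of the scheme rests on how well the private key resists export.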
As such, Device Bound Session Credentials fits in well with Google’s strategy to phase out third-party cookies.
Development of the project is done in the open at GitHub with the goal of DBSC becoming an open web standard. The goal is to have a fully working trial ready by the end of 2024. Google says that identity providers such as Okta, and browsers such as Microsoft Edge, have expressed interest in DBSC as they want to secure their users against cookie theft.
Malwarebytes
Fake Discount Sites Exploit Black Friday to Hijack Shopper Information
A new phishing campaign is targeting e-commerce shoppers in Europe and the United States with bogus pages that mimic legitimate brands with the goal of stealing their personal information ahead of the Black Friday shopping season.
“The campaign leveraged the heightened online shopping activity in November, the peak season for Black Friday discounts. The threat actor used fake discounted products