Lessons From the GitHub Cybersecurity Breach

From darkreading.com

No one likes to hear the B-word: breach. Developers definitely don’t want to hear that word in relation to a platform they use day in and day out.

When GitHub revealed details about a security breach that allowed an unknown attacker to download data from dozens of private code repositories earlier this year, it was a nightmare scenario. Attackers were using information collected from GitHub to target two third-party cloud platforms-as-a-service (PaaS): Heroku and Travis CI.

Attackers had stolen OAuth tokens issued to Heroku and Travis CI and used them to access and download the contents of private repositories, GitHub found.

Read more…

The secrets of Schneider Electric’s UMAS protocol

From securelist.com

UMAS (Unified Messaging Application Services) is a proprietary Schneider Electric (SE) protocol used to configure and monitor Schneider Electric PLCs. Schneider Electric controllers that use UMAS include Modicon M580 CPU (part numbers BMEP* and BMEH*) and Modicon M340 CPU (part numbers BMXP34*). Controllers are configured and programmed using engineering software – EcoStruxure™ Control Expert (Unity Pro), EcoStruxure™ Process Expert, etc.

Read more…

Go-based Chaos malware is rapidly growing targeting Windows, Linux and more

From securityaffairs.co

Researchers from Black Lotus Labs at Lumen Technologies recently uncovered a multifunctional Go-based malware that was developed to target devices based on multiple architectures, including Windows and Linux.

The malicious code was developed to target a broad range of devices, including small office/home office (SOHO) routers and enterprise servers. The Chaos malware includes capabilities previously documented in the original Kaiji Linux botnet.

The experts analyzed roughly 100 samples of the Chaos malware, which was written in Chinese and relies on a China-based C2 infrastructure.

Read more…

The Week in Security: CISA Director tasked with responsibility for open source software security

From blog.reversinglabs.com


Welcome to the latest edition of The Week in Security, which brings you the newest headlines from the world and our team across the full stack of security: application security, cybersecurity, and beyond. This week: A new congressional bill tasks the CISA Director with tackling open source software security, a leaked LockBit builder is being used by a new ransomware gang, and more.

Read more…

EU proposes rules making it easier to sue drone makers, AI systems

From reuters.com

BRUSSELS, Sept 28 (Reuters) – The European Commission on Wednesday proposed rules making it easier for individuals and companies to sue makers of drones, robots and other products equipped with artificial intelligence software for compensation for harm caused by them.

The AI Liability Directive aims to address the increasing use of AI-enabled products and services and the patchwork of national rules across the 27-country European Union.

Read more…

Most Attackers Need Less Than 10 Hours to Find Weaknesses

From darkreading.com


The average ethical hacker can find a vulnerability that allows the breach of the network perimeter and then exploit the environment in less than 10 hours, with penetration testers focused on cloud security gaining access most quickly to targeted assets. And further, once a vulnerability or weakness is found, about 58% of ethical hackers can break into an environment in less than five hours.

That’s according to a survey of 300 experts by the SANS Institute and sponsored by cybersecurity services firm Bishop Fox, which also found that the most common weaknesses exploited by the hackers include vulnerable configurations, software flaws, and exposed Web services, survey respondents stated.

Read more…

US arm of Israeli defense giant Elbit Systems says it was hacked

From techcrunch.com

Elbit Systems of America, the U.S. arm of Israeli defense contractor Elbit, says its network was compromised in early June and personal information of employees was stolen.

In a breach notification filed with the Maine attorney general’s office, Elbit Systems of America said 369 employees were affected by the data breach, which included employee names, addresses, dates of birth, direct deposit information, ethnicity and Social Security numbers. In the notice, the Texas-based company shared few details, only that “someone attempted to interfere with Elbit America’s cyber operations” and that its investigation was ongoing.

Elbit Systems of America did not attribute the breach to a particular threat group or government, or say for what reason it believes it was targeted. Greg Caires, a spokesperson for Elbit Systems of America, declined to answer our questions. A spokesperson for Elbit in Israel did not respond to a request for comment.

Read more…