Cyber Security Headlines: Slack’s GitHub theft, CircleCI breach warning, NATO tests AI

Slack’s private GitHub code repositories stolen over holidays

The immensely popular Salesforce-owned IM app is used by an estimated 18 million users at workplaces and digital communities around the world. The incident involves threat actors gaining access to Slack’s externally hosted GitHub repositories via a “limited” number of Slack employee tokens that were stolen. While some of Slack’s private code repositories were breached, Slack’s primary codebase and customer data remain unaffected, according to the company. There is no indication that sensitive areas of Slack’s environment, including production, were accessed.

(Bleeping Computer)

CircleCI warns of security breach — rotate your secrets!

CircleCI, a software development service, has disclosed a security incident and is urging users to rotate their secrets. The CI/CD platform touts a user base of more than one million engineers who rely on the service for the “speed and reliability” of their builds. CircleCI states it is currently investigating a security incident, according to email notifications being received by CircleCI users. The secrets that customers are advised to rotate include those stored as project environment variables or in contexts. For projects using API tokens, CircleCI has invalidated these tokens and users will be required to replace them.

(Bleeping Computer)

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

AI can act without human intervention to identify critical infrastructure cyberattack patterns and detect malware to enable enhanced decision-making about defensive responses. These are the findings of an international experiment conducted at NATO’s Cyber Coalition event late last year. The experimental findings were published in late December shortly after a new US Government Accounting Office (GAO) report warned that numerous key government entities are flying blind on critical infrastructure security, having failed to implement most recommendations related to protecting critical infrastructure since 2010. 

(CSOOnline)

Hackers use CAPTCHA bypass to make 20K GitHub accounts in a month

According to Palo Alto Networks Unit 42, a South African threat actor known as ‘Automated Libra’ is abusing CI/CD service providers such as GitHub to create many accounts quickly without requiring manual intervention. This is in support of their cryptomining and freejacking activities. To speed up the process, the group uses ImageMagick’s “convert” tool to convert CAPTCHA images into their RGB equivalents and then uses the “identify” tool to extract the Red channel skewness for each image. The value output by the “identify” tool is used to rank the images in ascending order. Finally, the automated tool uses the table to select the image that tops the list, which is usually the right one.

(Bleeping Computer)

Thanks to this week’s episode sponsor, AppOmni

Did you know that over half of companies have sensitive SaaS data exposed on the public internet? And many breaches making headlines now involve SaaS apps? AppOmni can help. AppOmni identifies misconfigurations and guides remediation to keep your SaaS data secure. We help Security teams make sense of data access permissions, third party app visibility, and threat detection across their entire SaaS ecosystem. Get started at AppOmni.com.

Burger chain Five Guys discloses data breach impacting job applicants

Five Guys appears to have started informing customers on December 29, when it also notified state authorities about the incident. Exposed information includes names, Social Security numbers, and driver’s license numbers. Little information is available about the incident itself. The company said it identified “unauthorized access to files on a file server” on September 17, 2022. An investigation completed on December 8 showed that the exposed files contained information submitted to the company in connection with its employment process.

(Security Week)

Email addresses of 235,000,000 Twitter users offered on popular hacker forum

Following the leak of 400 million user names announced in December, a new data leak containing email addresses for 235 million Twitter users has been published on the Breach hacker forum. According to experts, this data leak does not indicate whether an account is verified, but they warn that the leaked data can be used by threat actors for criminal, impersonation and doxxing activities.

(Security Affairs)

Database of the Cricketsocial.com platform left open online

Cricketsocial.com is a social platform developed for the cricket community online. CyberNews discovered that a database used by the platform was left open. The database, hosted by Amazon Web Services in the US, contained admin credentials and private customer data, including email addresses, phone numbers, names, hashed user passwords, dates of birth, and addresses. The experts noticed that most of the records in the database seem to be test data; however, they also discovered that it includes personally identifiable information (PII) of legitimate site users.

(Security Affairs)

Chinese researchers claim to have broken RSA with a quantum computer. Experts aren’t so sure.

Breaking 2048-bit RSA would be extremely significant. Although the RSA algorithm itself has largely been replaced in consumer-facing protocols, such as Transport Layer Security, it is still widely used in older enterprise and operational technology software and in many code-signing certificates. The Chinese researchers’ paper, titled “Factoring integers with sublinear resources on a superconducting quantum processor,” features one of the first claims that this can now be practically achieved. They argue that they can break the 2048-bit algorithm using a 372-qubit quantum computer. There are some caveats, however. They only had access to a 10-qubit device to practice on and were unable to demonstrate their hypothesis on anything larger than 48 bits. Many experts are questioning their findings. The paper itself has been shared through the preprint service arXiv without any meaningful peer review, something which would generally be considered a necessary minimum standard to weigh the scientific value of a research paper.

(The Record)