The Hacker News Logo
Subscribe to Newsletter

The Hacker News - Most Trusted Cyber Security and Computer Security Analysis: BitBucket

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

Unpatched Travis CI API Bug Exposes Thousands of Secret User Access Tokens

June 14, 2022Ravie Lakshmanan
An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua  said  in a Monday report. Travis CI is a  continuous integration  service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and  2019 , is rooted in the fact that the  API  permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The logs go all
WebAuthn Passwordless Authentication Now Available for Atlassian Products

WebAuthn Passwordless Authentication Now Available for Atlassian Products

June 15, 2020The Hacker News
Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools. Considering how popular agile has become, it's no wonder Atlassian now serves 83 percent of Fortune 500 companies and has over 10 million active users worldwide. To help create a better experience for these users,  Alpha Serve  has developed WebAuthn add-ons to bring passwordless authentication to various Atlassian products. Having a more convenient and secure way to login to their Atlassian instances should be a welcome development for development teams. How WebAuthn Works WebAuthn is a browser-based security standard recommended by World Wide Web Consortium (W3C) that allows web apps to simplif
Online Courses and Software

Sign up for cybersecurity newsletter and get latest news updates delivered straight to your inbox daily.