BitBucket | Breaking Cybersecurity News | The Hacker News

The threat actor known as APT-C-60 has been linked to a cyber attack targeting an unnamed organization in Japan that used a job application-themed lure to deliver the SpyGlace backdoor. That's according to findings from JPCERT/CC, which said the intrusion leveraged legitimate services like Google Drive, Bitbucket, and StatCounter. The attack was carried out around August 2024. "In this attack, an email purporting to be from a prospective employee was sent to the organization's recruiting contact, infecting the contact with malware," the agency said . APT-C-60 is the moniker assigned to a South Korea-aligned cyber espionage group that's known to target East Asian countries. In August 2024, it was observed exploiting a remote code execution vulnerability in WPS Office for Windows (CVE-2024-7262) to drop a custom backdoor called SpyGlace. The attack chain discovered by JPCERT/CC involves the use of a phishing email that contains a link to a file hosted on Goo...

Cloudflare has revealed that it was the target of a likely nation-state attack in which the threat actor leveraged stolen credentials to gain unauthorized access to its Atlassian server and ultimately access some documentation and a limited amount of source code. The intrusion, which took place between November 14 and 24, 2023, and detected on November 23, was carried out "with the goal of obtaining persistent and widespread access to Cloudflare's global network," the web infrastructure company  said , describing the actor as "sophisticated" and one who "operated in a thoughtful and methodical manner." As a precautionary measure, the company further said it rotated more than 5,000 production credentials, physically segmented test and staging systems, carried out forensic triages on 4,893 systems, reimaged and rebooted every machine across its global network. The incident involved a four-day reconnaissance period to access Atlassian Confluence and J...

In today's rapidly evolving threat landscape, safeguarding your organization against cyberattacks is more critical than ever. Traditional penetration testing (pentesting), while effective, often falls short due to its high costs, resource requirements, and infrequent implementation. Automated internal and external network pentesting is a game-changing solution, empowering organizations to stay ahead of attackers with cost-effective, frequent, and thorough security assessments. Strengthen Your Defenses: The Role of Internal and External Pentests  Effective cybersecurity requires addressing threats from both inside and outside your organization. Automated solutions streamline this process, enabling IT teams to implement a holistic and proactive defense strategy. Internal Pentesting: Securing the Core Internal pentesting simulates an attacker operating within your network, exposing vulnerabilities such as insider threats, compromised credentials, or breaches through physical or ...

The ubiquity of GitHub in information technology (IT) environments has made it a lucrative choice for threat actors to host and deliver malicious payloads and act as  dead drop resolvers , command-and-control, and data exfiltration points. "Using GitHub services for malicious infrastructure allows adversaries to blend in with legitimate network traffic, often bypassing traditional security defenses and making upstream infrastructure tracking and actor attribution more difficult," Recorded Future  said  in a report shared with The Hacker News. The cybersecurity firm described the approach as "living-off-trusted-sites" (LOTS), a spin on the living-off-the-land (LotL) techniques often adopted by threat actors to conceal rogue activity and fly under the radar. Prominent among the methods by which GitHub is  abused   relates  to  payload   delivery , with some actors leveraging its features for command-and-control (C2) obfuscation. Last month, Reve...

Australian software company Atlassian has rolled out security updates to address  two critical flaws  affecting Bitbucket Server, Data Center, and Crowd products. The issues, tracked as  CVE-2022-43781  and  CVE-2022-43782 , are both rated 9 out of 10 on the CVSS vulnerability scoring system. CVE-2022-43781, which Atlassian said was introduced in version 7.0.0 of Bitbucket Server and Data Center, affects versions 7.0 to 7.21 and 8.0 to 8.4 (only if mesh.enabled is set to false in bitbucket.properties). The weakness has been described as a case of command injection using environment variables in the software, which could allow an adversary with permission to control their username to gain code execution on the affected system. As a temporary workaround, the company is recommending users turn off the "Public Signup" option (Administration > Authentication). "Disabling public signup would change the attack vector from an unauthenticated attack to an authe...

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  added  a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2022-36804 , the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request. Successful exploitation, however, banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository. "All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassian  noted  in a late August 2022 advisory....

Atlassian has rolled out fixes for a  critical security flaw  in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as  CVE-2022-36804  (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An attacker with access to a public Bitbucket repository or with read permissions to a private one can execute arbitrary code by sending a malicious HTTP request," Atlassian  said  in an advisory. The shortcoming, discovered and reported by security researcher  @TheGrandPew  impacts all versions of Bitbucket Server and Datacenter released after 6.10.17, inclusive of 7.0.0 and newer - Bitbucket Server and Datacenter 7.6 Bitbucket Server and Datacenter 7.17 Bitbucket Server and Datacenter 7.21 Bitbucket Server and Datacenter 8.0 Bitbucket Server and Datacenter 8.1 B...

An unpatched security issue in the Travis CI API has left tens of thousands of developers' user tokens exposed to potential attacks, effectively allowing threat actors to breach cloud infrastructures, make unauthorized code changes, and initiate supply chain attacks. "More than 770 million logs of free tier users are available, from which you can easily extract tokens, secrets, and other credentials associated with popular cloud service providers such as GitHub, AWS, and Docker Hub," researchers from cloud security firm Aqua  said  in a Monday report. Travis CI is a  continuous integration  service used to build and test software projects hosted on cloud repository platforms such as GitHub and Bitbucket. The issue, previously reported in 2015 and  2019 , is rooted in the fact that the  API  permits access to historical logs in cleartext format, enabling a malicious party to even "fetch the logs that were previously unavailable via the API." The l...

Atlassian solutions are widely used in the software development industry. Many teams practicing agile software development rely on these applications to manage their projects. Issue-tracking application Jira, Git repository BitBucket, continuous integration and deployment server Bamboo, and team collaboration platform Confluence are all considered to be proven agile tools. Considering how popular agile has become, it's no wonder Atlassian now serves 83 percent of Fortune 500 companies and has over 10 million active users worldwide. To help create a better experience for these users,  Alpha Serve  has developed WebAuthn add-ons to bring passwordless authentication to various Atlassian products. Having a more convenient and secure way to login to their Atlassian instances should be a welcome development for development teams. How WebAuthn Works WebAuthn is a browser-based security standard recommended by World Wide Web Consortium (W3C) that allows web apps to si...