Posts

Twitch downplays this month’s hack, says it had minimal impact



In an update regarding this month’s security incident, Twitch downplayed the breach, saying that it had minimal impact and only affected a small number of users.

“We’ve undergone a thorough review of the information included in the files exposed and are confident that it only affected a small fraction of users and the customer impact is minimal. We are contacting those who have been impacted directly,” Twitch said.

The company also stated that no login credentials or full credit card numbers/payment data belonging to users or streamers were exposed following last week’s massive data leak.

“Twitch passwords have not been exposed. We are also confident that systems that store Twitch login credentials, which are hashed with bcrypt, were not accessed, nor were full credit card numbers or ACH / bank information,” Twitch added.

Data exposed in the incident and leaked on the 4chan imageboard primarily contained documents from Twitch’s source code repository and a subset of creator payout data.

As explained in previous updates issued after the attack, the attackers were able to access the data because of a faulty server configuration change that exposed it to the Internet.

125 GB of source code and payment reports stolen

Although Twitch hasn’t revealed what servers were misconfigured, the unknown individual behind the leak said the data was allegedly stolen from roughly 6,000 internal Twitch Git repositories.

“Their community is also a disgusting toxic cesspool, so to foster more disruption and competition in the online video streaming space, we have completely pwned them, and in part one, are releasing the source code from almost 6,000 internal Git repositories,” the anonymous poster said.


According to the 4chan user, the archive leaked on the imageboard contained the following Twitch info:

  • The entirety of twitch.tv, with commit history going back to its early beginnings
  • Mobile, desktop, and video game console Twitch clients
  • Various proprietary SDKs and internal AWS services…


SLSA Adoption Would’ve Muted SolarWinds Hack


Adoption of Google Cloud’s Supply-chain Levels for Software Artifacts (SLSA) security framework would have protected organizations from the SolarWinds cyberattack by alleged Russia-backed hackers, according to CEO Thomas Kurian.

The software supply chain is a vector of threats that other cloud providers had not anticipated, Kurian said.

“We had anticipated that,” Kurian said in an exclusive CRN interview ahead of the Google Cloud Next ’21 conference that started today. “Not only did we build the technology in a secure way, but we’re now making it available to customers to use in a secure way. We have now taken that framework and, working with NIST (the U.S. Department of Commerce’s National Institute of Standards and Technology), are making it available to the entire software industry, because that framework would have protected against SolarWinds.”

Pronounced “salsa,” SLSA is a source-to-service security framework for ensuring the integrity of software artifacts by helping to protect against unauthorized changes to software packages throughout the software supply chain. It’s based on Google’s internal Binary Authorization for Borg (BAB), a deploy-time enforcement check designed to minimize insider risk by ensuring that production software and configuration deployed at Google is properly reviewed and authorized, especially if that code has the ability to access user data. Google has been using BAB since 2013 and requires it for all of its production workloads.

The SolarWinds hack, which ensnared Microsoft and breached U.S. federal government agencies and private sector companies, first was detected last December. Suspected Russian intelligence attackers injected malicious code into Austin, Texas-based SolarWinds’ Orion network monitoring platform that was downloaded into as many as 18,000 of its customers’ computer networks. Last month, Microsoft said the hackers behind SolarWinds also had developed a backdoor that exfiltrates sensitive information from compromised Microsoft Active Directory Federation Services servers.

Kurian pointed to both the increasing number of cybersecurity threats and the variations of those threats.

“A year ago, if somebody…


Russian hackers behind SolarWinds hack trying to infiltrate US and European government networks



The Russian hackers behind a successful 2020 breach of US federal agencies have in recent months tried to infiltrate US and European government networks, cybersecurity analysts tracking the group told …


Google Chrome users urged to delete app after hack


Google has urged its users to delete one of its most used apps after the tech giant was hacked again this week.

Google is warning users to delete Chrome for the second time this week as the search engine giant confirms “multiple high-level hacks of browser”.

Once again, the tech giant advised its 2.6 billion users to delete Chrome after publishing a new blog post revealing four “high” rated vulnerabilities.

Google’s threat analysis group (TAG) said hackers “created malformed code signatures” that would be considered “valid by Windows” but could not be detected by OpenSSL code used in security scanners.

TAG discovered that the OpenSUpdater line of software uses this new technique.

Described as riskware, OpenSUpdater shows ads on victims’ browsers and then installs unwanted programs into their PCs.

Most of the targeted victims of OpenSUpdater attacks are US-based users prone to downloading cracked games.

The latest warning comes after Google advised its users on Monday about a security flaw in the browser that hackers could exploit.

While Google has maintained that it is working hard to protect users’ security, cyber experts say it’s time to leave Chrome behind.

This year, the company disclosed the latest in a string of security flaws in a September 24 blog post.

The post confirmed that Chrome’s 11th “zero-day” exploit of the year was found and impacted Linux, macOS, and Windows users.

This classification means hackers could use the flaw to their advantage before the tech giant could fix it – upping the threat significantly, Forbes reported.

Google reportedly kept the hack details under wraps to protect users after in-house employees discovered the flaw.

According to Forbes, it was revealed just weeks after Google admitted it “accidentally” allowed the secret tracking of millions of users.

At the heart of Google’s latest tracking trouble is the rollout of a new Chrome API that detects and reports when a user is “idle” or not actively using their device.

Google has defended the feature from criticism by security experts who say it can be easily abused by malicious sites seeking sensitive information.

“This feature, which we only expect to be used by a…
