Summary: The video discusses multiple security vulnerabilities found in software applications, including GitHub Desktop, Subaru’s employee portal, and Juniper enterprise routers. Researchers highlight serious risks associated with credential leaks in GitHub, insecure password reset practices at Subaru, and a newly discovered backdoor on Juniper routers.
Keypoints:
- A chain of CVEs in GitHub Desktop could leak user credentials due to improper handling of the credential protocol.
- An attacker could exploit the ‘Clone2Leak’ vulnerability by using a malicious repository’s submodule URL to manipulate credential processing.
- This vulnerability impacts not only GitHub Desktop but also tools like Git Credential Manager and Git LFS.
- GitHub patched the affected tools by improving input validation and blocking malformed URLs.
- A new vulnerability in Subaru’s system allowed access to sensitive employee information; it was patched within 24 hours of discovery.
- By guessing employee emails, hackers could access the employee portal, compromising personal information and vehicle access.
- Declining emphasis on secure coding logic contributes to vulnerabilities; coding logic failures can lead to security risks.
- A backdoor found on Juniper routers, dubbed ‘J-magic,’ has been operational since at least September 2023, allowing packet monitoring and data extraction.
- The backdoor is linked to specific configurations and may indicate active reconnaissance efforts in South America by malicious actors.
- Lumen Technologies released indicators of compromise for affected routers on their GitHub page for public awareness.
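The input validation mentioned in the GitHub Desktop key points can be sketched as follows. This is an added example, not code from GitHub, Git or the video; it assumes the line-oriented key=value format of the git credential protocol, and `credential_request`, `audit` and the sample URLs are hypothetical names and constructed values.

```python
from urllib.parse import urlsplit, unquote


class MalformedCredentialInput(ValueError):
    """A URL-derived field would corrupt the line-oriented credential message."""


def _clean(name, value):
    # Credential helpers read "key=value" lines, so a control character inside
    # a value can change where one field ends and the next begins.
    for ch in value:
        if ord(ch) < 0x20 or ord(ch) == 0x7F:
            raise MalformedCredentialInput(f"{name}: control char 0x{ord(ch):02x}")
    return value


def credential_request(url):
    """Return the helper request for url, or raise MalformedCredentialInput."""
    _clean("url", url)                      # raw control characters
    parts = urlsplit(url)
    if parts.scheme not in ("http", "https") or not parts.hostname:
        raise MalformedCredentialInput("url: expected http(s)://host/...")
    host = parts.hostname + (f":{parts.port}" if parts.port else "")
    fields = [("protocol", parts.scheme),
              ("host", unquote(host)),      # decode first, then validate
              ("path", unquote(parts.path.lstrip("/")))]
    if parts.username:
        fields.insert(2, ("username", unquote(parts.username)))
    lines = [f"{k}={_clean(k, v)}" for k, v in fields]
    return "\n".join(lines) + "\n\n"        # blank line ends the message


# Constructed sample URLs (assumptions for illustration, not from any advisory).
SAMPLES = [
    "https://git.example.com/team/repo.git",
    "https://git.example.com%0Ax/team/repo.git",   # encoded newline in host
]


def audit(urls):
    """Map each URL to 'ok' or the reason it was rejected."""
    out = {}
    for u in urls:
        try:
            credential_request(u)
            out[u] = "ok"
        except MalformedCredentialInput as exc:
            out[u] = f"rejected ({exc})"
    return out
```

Validation runs on the percent-decoded fields as well as the raw string, because a URL parser may pass an encoded control character through untouched.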
YouTube Video: https://www.youtube.com/watch?v=XqRFvU06Gg4
YouTube Channel: Hak5
Video Published: Wed, 29 Jan 2025 17:30:11 +0000