This week’s news is brought to you by Hunters. To find out more, head to www.hunters.ai
- Open source applications have been at the heart of many strides in the cybersecurity and cloud security space. It’s when the community gets an opportunity to band together and build something truly incredible. In that spirit, JupiterOne this week launched StarBase, an open source version of their platform available to anyone, free of cost, forever. In his blog, JupiterOne CEO Erkang Zheng shared that he believes that “to win cybersecurity battles, we must work together openly as a community to make products that are accessible to organizations of all sizes, not just the well-funded enterprises that can afford them” and that this led them “to build a true data-driven platform that prioritizes robust APIs, a flexible query language, strong developer tooling, and an immense investment in open-source”. They currently have over 130 public projects on GitHub. Cloud Security News reached out to Erkang to hear more about this, and we are excited to see where this may go and how the community builds on it. Head over to the link in the show notes to hear what the CEO of JupiterOne shared with Cloud Security News. Read the announcement here.
- The US Department of Defense (DoD) has authorized Oracle Cloud Infrastructure (OCI) to host Top Secret/Sensitive Compartmented Information (TS/SCI) and Special Access Program (SAP) missions. The DoD will use Oracle National Security Regions (ONSR), which are dedicated Oracle Cloud Infrastructure regions isolated from the internet and connected only to government-specified networks that meet requisite security classifications. Oracle shared that they are a long-standing strategic technology partner of the US Government. Many federal, state and local customers are using Oracle to deliver critical government services. Oracle Cloud Infrastructure is used across the Department of Defense, including the US Army, Navy and Air Force, multiple defense agencies, as well as the Office of the Secretary of Defense. Globally, more than 1,000 public sector organizations are benefitting from Oracle’s industry-leading technologies and superior performance. Read more about it here.
- Coinbase has awarded their largest-ever bug bounty, $250,000, to security researcher Tree of Alpha for disclosing a vulnerability in Coinbase that could have allowed a user to ‘sell’ currency they did not own. Coinbase has shared that the underlying root cause of the bug was a missing logic validation check in a Retail Brokerage API endpoint, which allowed a user to submit trades to a specific order book using a mismatched source account. This API is only utilized by their Retail Advanced Trading platform, which is currently in limited beta release. Coinbase has confirmed that they were able to fix this bug in a matter of hours and that it has never been maliciously exploited, and that they have implemented additional checks to ensure that it cannot happen again. You can find out more here.
- If your Microsoft Exchange server infrastructure is public facing and possibly hosted in the cloud, then this next one may be of particular interest to you. Mandiant has released their research about a threat actor that deploys COLDDRAW ransomware, publicly known as Cuba Ransomware, and that frequently leverages vulnerabilities affecting public-facing Microsoft Exchange infrastructure as an initial compromise vector. Where initial access is gained via Microsoft Exchange vulnerabilities, the threat actor subsequently deployed webshells to establish a foothold in the victim network. COLDDRAW ransomware incidents have mainly involved the use of credentials from valid accounts to escalate privileges. In some cases, the source of these credentials is unknown. Mandiant shares that, as the number of vulnerabilities publicly disclosed continues to rise, they anticipate threat actors, including ransomware operators, will continue to exploit vulnerabilities in their operations. Read more about it here.