Connect with us

Press Release

Heroku acknowledges that a cyberattack resulted in the theft of user credentials.

Published

on

Heroku acknowledges that a cyberattack resulted in the theft of user credentials.

The GitHub integration OAuth tokens that were taken last month also contributed to the vulnerability of an internal client database, according to a recent statement from Heroku.

The cloud platform, which is owned by Salesforce, acknowledged that the same compromised token was utilised by attackers to steal client credentials that had been hashed and salted from “a database.”

Following yesterday’s contact between BleepingComputer and Salesforce, Heroku released an update.

Even though BleepingComputer doesn’t have any OAuth integrations that leverage Heroku apps or GitHub, we unexpectedly received a password reset email from Heroku, like many other users. This suggested that there was another reason for these password resets.

Forced password resets are explained by Heroku.
Following the security breach from last month, Heroku began this week forcing password resets for a portion of its user accounts without providing a detailed justification.

Some Heroku users received emails on Tuesday evening informing them that their account passwords would be changed as a result of the security breach, with the subject line “Heroku security notification – resetting user account passwords on May 4, 2022.” The email noted that the reset will also invalidate all API access tokens and force users to create new ones.

However, the original security problem being discussed involves threat actors stealing OAuth tokens given to Heroku and Travis-CI and utilising them to retrieve data from secure GitHub repositories belonging to a variety of companies, including npm.

According to a previous statement from GitHub, “On April 12, GitHub Security started an investigation that uncovered evidence that an attacker exploited stolen OAuth user tokens issued to two third-party OAuth integrators, Heroku and Travis-CI, to download data from dozens of organisations, including npm.”

These tokens had previously been used by the OAuth integrations of the Travis-CI and Heroku platforms to link with GitHub and release apps.

Threat actors could access and download data from GitHub repositories belonging to users who gave their accounts permission to the stolen Heroku or Travis CI OAuth apps by stealing these OAuth tokens. Notably, the issue had no effect on GitHub’s infrastructure, processes, or private repositories.

But up until this point, it was still unclear why Heroku would need to reset some user account passwords.

It turns out that threat actors were able to access Heroku’s internal database of client accounts through the compromised token for a Heroku machine account:

Heroku updates its security warning: “Our research also discovered that the same compromised token was used to access a database and exfiltrate the hashed and salted passwords for users’ accounts.”

“Because of this, Salesforce is making sure that all Heroku user passwords are changed and that any potentially vulnerable credentials are updated. We have added more detections and rotated internal Heroku credentials. We are still looking into the token compromise’s origin.”

A reader of YCombinator Hacker News suggested that the “database” being discussed might be what was formerly known as “core-db.”

Craig Kerstiens of the PostgreSQL platform CrunchyData, a former employee of Heroku, is the reader in question.

According to Kerstiens, the internal database is referenced in the most recent report as “a database.”

“It appears [the attacker] had access to internal systems, but I don’t want to guess too much. It was discovered, noted, and reported to Heroku by GitHub. You can’t argue against the need for further clarity, but it would be wise to follow up with Salesforce on that.”

After being contacted by BleepingComputer, Kerstiens acknowledged writing these statements.

Clients refer to ambiguous disclosure as a “train crash.”
In its initial statement about the security breach, Heroku said that accounts using compromised OAuth tokens from Heroku had exploited GitHub repositories to gain unauthorised access.

The business has previously said that “The compromised tokens could give the threat actor access to customer GitHub repos, but not customer Heroku accounts.”

However, the password reset emails legitimately raised consumer worries that Heroku’s investigation might have turned up additional malicious activity by the threat actors that wasn’t being made public.

The disclosure was termed “a complete train wreck and a case study on how not to interact with your customers,” by some YCombinator Hacker News readers.

Heroku has started to shed some light on the issue in an effort to be more open with the community.

According to Heroku, “We embrace transparency and recognise that our customers are looking for a deeper understanding of the implications of this incident and our reaction thus far.”

The cloud platform added that it had reached a stage where more material could be disclosed without jeopardising the ongoing investigation after cooperating with GitHub, threat intelligence suppliers, industry partners, and law enforcement during the inquiry:

A different third-party integrator, Travis-CI, revealed, however, that no client data had been harmed by the event on the business day that followed GitHub’s initial notice.

Users of Heroku are urged to keep checking the security notification page for updates concerning the incident.

 

Continue Reading

Press Release

Why 918Kiss is the best live casino after COVID for various reasons

Published

on

Why 918Kiss is the best live casino after COVID for various reasons

It is safe to assume that the idea of online gambling was generally successful, especially during the quarantine period when most things weren’t completely successful. The idea of online gambling was around long before the Corona Virus, but it didn’t receive the same amount of attention as gamblers preferred playing in a regular on-land casino.

Even if everything is returning to normal after COVID-19, the idea of online gambling is still prevalent and fashionable in some online casinos. 918Kiss is one of the online gambling sites.

After COVID-19, many other online casinos failed, but 918Kiss built up a loyal player base and is currently the greatest live casino you can choose.

To make things clearer and to help you obtain a vivid perspective of the online casino, we developed a list of elements that make 918Kiss the greatest live casino you can go to after COVID. So without further ado, let’s begin the conversation.

Safe, simple, and practical
The fact that 918Kiss is risk-free, simple to use, and convenient for all players is one of its best features. If you enjoy gambling but are too lazy to visit a conventional land-based casino, 918Kiss is the best choice. The unique feature of 918Kiss is that you may bring the casino to you at home if you are not in the right condition to visit one.

The online casino is made especially for the players so that they can access the internet platform whenever they wish to gamble. You can gamble while at home with 918Kiss because their method is secure.

The nicest thing about 918Kiss is that players may access their games at any time of day, whether it’s first thing in the morning or during peak hours at a conventional on-land casino. Everything is always available to you at 918Kiss.

Players constantly have access to the games, giving them excellent opportunities to receive fantastic prizes. With 918Kiss, all you need is an app, and after the registration process is complete, you can begin gaming.

Secure 918Kiss
The security that 918Kiss has is another reason to select it above any other casino, whether it be online or physical. Players’ privacy and security are highly important to 918Kiss.

When it comes to security at an online casino, they actually have one of the greatest systems. A firewall is provided for all the players playing at the casino; the main purpose is to protect the player’s account from being hacked and keep the players’ identities safe.

Two secure payment channels are among the other outstanding security-related features. These gateways, which include Help2Pay and EeziePay, guarantee that regular transactions are processed promptly and securely.

The staff at 918Kiss is constantly working on adopting top-notch security measures to keep the data secure and confidential, therefore the firewall assures that your account is secured from all kinds of external hacks.

The nicest aspect of these transactions is their seeming smoothness and short processing times—less than 10 minutes at most—for all banks, which the online casino also offers banking options for.

However, the majority of transactions typically only take three minutes or less. The transactions are transparent and kept confidential between the player and the online casino, guaranteeing that everything is done correctly.

Unrivaled customer service
The excellent customer service that 918Kiss provides to its customers is another unique aspect that sets it apart from other online casinos. In a regular on-land casino, your odds of receiving customer service are quite slim, but at 918Kiss, help is available at every turn.

No matter if your question relates to a game or to your bank account, the 918Kiss support service offers all the assistance you require. The group puts through long hours, seven days a week.

While they are fully knowledgeable about the online casino and will help their players as soon as feasible. In this manner, you may rely on customer service for any issue you might experience.

The fact that the 918Kiss customer service team is accessible via live chat, Telegram, and WhatsApp is its best feature. If you have any questions, you may also consult the FAQs.

able to discover new games
Players can experiment with new games, which is one of the best aspects of gaming at 918Kiss. We no longer mean for you to purchase the games before playing; instead, if you want to sample a new game that is offered by 918Kiss, all you need to do is enter the 918Kiss Test ID, and you are ready to start.

Before placing any wagers with your actual money, enter the test ID to access new games. This is useful if you want to experiment with new card and table games that have a variety of options. With no danger or time constraints, you can take your time to learn more about the game, its tactics, and its regulations.

This is something you won’t find in a conventional on-land casino because the games there can only be played for real money and you can’t really learn anything from the games because they are all paid.

Last Words
Overall, there are numerous benefits to using 918Kiss as a gambling site. Make sure you are aware of the stakes and what you are playing for, as putting too much on the line can undoubtedly result in bankruptcy.

Continue Reading

Press Release

To avoid sanctions, Russia establishes its own TLS certificate authority.

Published

on

To avoid sanctions, Russia establishes its own TLS certificate authority.

To avoid sanctions, Russia establishes its own TLS certificate authority.
TLS certificates assist the web browser in verifying that a domain is associated with a recognised organisation and that information being transmitted between the user and the server is encrypted.

The inability of signing authorities situated in nations that have placed sanctions on Russia to accept fees for their services prevents numerous websites from being able to renew their expired certificates.

Web browsers including Google Chrome, Safari, Microsoft Edge, and Mozilla Firefox will display full-page warnings that the pages are vulnerable after a certificate expires, which may cause many users to leave the website.

a national authority
For the independent issuance and renewal of TLS certificates, the Russian government has envisioned a domestic certificate authority as a potential solution.

If the foreign security certificate is revoked or expires, it will be replaced with this one. A complimentary domestic analogue will be offered by the Ministry of Digital Development. According to the Russian public services web Gosuslugi, the service is offered to legal entities – site owners upon request and is delivered within 5 working days (translated).

However, it can take a while for new Certificate Authorities (CA) to pass scrutiny from various businesses before being trusted by web browsers.

The Yandex browser and Atom products from Russia are the only web browsers that now acknowledge Russia’s new CA as reliable, so Russian consumers are advised to use these rather than Chrome, Firefox, Edge, etc.

Sberbank, VTB, and the Russian Central Bank are among the websites that have already obtained and are presently utilising these state-provided certifications.

A list of 198 domains with a notification to use the local TLS certificate has purportedly been distributed in Russian media, but its usage is not now required.

A questionable proposition
Users of other browsers can manually apply the new Russian root certificate to keep accessing Russian websites that use the state-issued certificate. Examples of these browsers include Chrome and Firefox.

However, this raises fears that Russia might misuse its CA root certificate to carry out man-in-the-middle attacks and intercept HTTPS data.

The new root certificate would eventually be added to the list of certificates that have had their validity revoked as a result of this misuse (CRL).
As a result, Chrome, Edge, and Firefox will prohibit access to any websites utilising these domestic certificates, rendering them invalid.

All parties are obliged to trust certificate authorities. However, it is unlikely that the main browser vendors will add Russia to their root certificate stores given that it does not already have any level of trust.

To mitigate the negative effects of Western sanctions on its economy, Russia has taken some extreme steps. Many have assumed that the time has come to shut off communication with the world internet and move its users to the “Runet.”

In a statement distributed to local news agencies in reaction to these claims, the Russian Ministry for Digital Technologies categorically denied that there is a plan to turn off the internet from within.

Continue Reading

Press Release

New York Times reports that investigators are investigating whether solarwinds’ offices in Czech, Polish, and Belorussia have been hacked (NEW YORK TIMES).

Published

on

solarwinds’ office

Sources: investigators are checking if SolarWinds was hacked via its offices in Czechia, Poland, and Belarus, where the company moved much of its engineering  —  Those behind the widespread intrusion into government and corporate networks exploited seams in U.S. defenses and gave away nothing to American monitoring of their systems.

Continue Reading

Trending