Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

By Ravie Lakshmanan — September 1^st 2022 at 10:19

Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk. "Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in a report shared with The Hacker News. Interestingly, a

WIRED

Careless Errors in Hundreds of Apps Could Expose Troves of Data

By Lily Hay Newman — September 1^st 2022 at 10:00

Researchers found that mobile applications contain keys that could provide access to both user information and private files from unconnected apps.

The Hacker News

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability

By Ravie Lakshmanan — July 21^st 2022 at 08:41

Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affecting the Questions For Confluence app for Confluence Server and Confluence Data Center. The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "

FreshRSS

Over 1,800 Android and iOS Apps Found Leaking Hard-Coded AWS Credentials

Careless Errors in Hundreds of Apps Could Expose Troves of Data

Atlassian Rolls Out Security Patch for Critical Confluence Vulnerability