This Week in Security: Microsoft on Microsoft, Register Your Domains, Linux on ARM, and FreeBSD Joins the File Cache Club

TL;DR

This week’s security news includes a Microsoft GitHub repository compromise caused by the Miasma worm, a bug fix for GitHub token theft, TP-Link device domain issues, OpenSSL vulnerabilities, and the return of researcher NightmareEclipse. These developments impact software supply chains, device security, and vulnerability disclosure practices.

Microsoft’s open source repositories on GitHub were automatically disabled after being compromised by the Miasma worm, which infected 73 repositories related to Azure and other Microsoft projects. This incident underscores ongoing supply chain security risks and the effectiveness of automated security systems.

According to OpenSourceMalware, the infection was triggered by the Microsoft Durabletask package, previously compromised in May, which was used to push infected packages to PyPI. The automated GitHub security system flagged and took down the affected repositories within minutes, preventing further spread but disrupting build processes dependent on these packages. Microsoft confirmed that the repositories were disabled as a temporary measure to contain the infection.

Separately, Microsoft fixed a critical bug in GitHub’s embedded web-based VSCode editor that could allow attackers to steal user authentication tokens. Discovered by Ammar Askar, the vulnerability involved manipulating the sandboxed environment to install malicious extensions and exfiltrate tokens. Microsoft issued a patch to address this issue.

In device security news, researcher Julian B identified unregistered domain names in TP-Link firmware that allowed devices to check in with outdated servers. After reporting the issue, Julian registered the domain, preventing potential misuse, though the security implications remain unclear.
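An added example, not from Hackaday, OpenSourceMalware or the researcher's own tooling, of the inventory a firmware maintainer can run before shipping an image: pull hostname-looking strings out of the binary and flag the ones that do not resolve, as candidates for a stale or never-registered check-in domain. The firmware bytes and domain names are constructed for this example, and the resolver is injectable so the triage logic runs offline.

```python
import re
import socket
from typing import Callable

# Constructed stand-in for a firmware image: a few binary bytes around
# strings of the kind a device uses for update checks, NTP and telemetry.
# None of these hosts are real check-in servers.
SAMPLE_FIRMWARE = (
    b"\x7fELF\x01\x01\x00update-check: https://fw-update.example.net/v2/check\x00"
    b"ntp.example.org\x00\xff\xfe telemetry.example-stale.net:8443 \x00"
    b"not-a-domain\x00192.168.1.1\x00support@example.com\x00"
)

# Hostname pattern: one or more DNS labels followed by an alphabetic TLD.
# The lookbehind rejects matches glued to an e-mail local part or a longer
# name; the lookahead stops the match before a port or path separator.
DOMAIN_RE = re.compile(
    rb"(?<![\w.@-])((?:[a-z0-9](?:[a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63})(?![\w-])",
    re.IGNORECASE,
)


def extract_domains(blob: bytes) -> set[str]:
    """Return the distinct, lower-cased hostnames found in a binary blob."""
    return {m.group(1).decode("ascii").lower() for m in DOMAIN_RE.finditer(blob)}


def dns_resolves(name: str) -> bool:
    """True if the name currently resolves to at least one address."""
    try:
        socket.getaddrinfo(name, None)
        return True
    except socket.gaierror:
        return False


def unresolvable_domains(
    blob: bytes, resolve: Callable[[str], bool] = dns_resolves
) -> list[str]:
    """Hostnames embedded in the blob that the resolver cannot resolve.

    A non-resolving name is only a triage signal: the domain may be
    registered but idle, so confirm with RDAP/WHOIS before treating it as
    unregistered.
    """
    return sorted(d for d in extract_domains(blob) if not resolve(d))


if __name__ == "__main__":
    # Offline demonstration with a stub resolver; drop the resolve= argument
    # to query real DNS for an image you actually maintain.
    known = {"fw-update.example.net", "ntp.example.org"}
    for name in unresolvable_domains(SAMPLE_FIRMWARE, resolve=lambda d: d in known):
        print("does not resolve:", name)
```

Running it against a real image means also feeding it the decompressed filesystem, not just the outer container, since check-in URLs usually live in a userland binary or config file rather than the kernel.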

OpenSSL announced multiple vulnerabilities, including a high-severity use-after-free bug in PKCS7 handling that could enable arbitrary code execution. While most applications are unlikely to be affected, users are advised to update promptly.

Meanwhile, researcher NightmareEclipse, known for releasing Windows vulnerabilities, returned as MSNightmare, releasing exploits such as RoguePlanet, which exploits race conditions in Windows Defender, and GreatXML, a BitLocker bypass. Microsoft initially responded with threats of criminal investigation but later appeared to soften its stance, amid ongoing discussions about vulnerability disclosure norms.

Implications of Recent Security Incidents and Fixes

The week’s developments highlight persistent challenges in software supply chain security, device firmware integrity, and vulnerability disclosure. The GitHub repository compromise demonstrates how automated systems can rapidly contain threats but also cause operational disruptions. The fixes for GitHub token theft and OpenSSL vulnerabilities are critical for maintaining secure development and communication channels. The return of researcher NightmareEclipse underscores tensions around vulnerability research and responsible disclosure, with broader implications for security industry norms and cooperation.


Recent Trends in Supply Chain Attacks and Vulnerability Disclosure

Supply chain attacks have continued to evolve, with recent incidents involving Microsoft’s open source packages and firmware vulnerabilities in consumer devices. The Miasma worm’s targeting of Microsoft repositories echoes earlier campaigns aimed at compromising development environments and stealing credentials. The vulnerability disclosures by researchers like NightmareEclipse reflect a shifting landscape where security researchers push for responsible disclosure amid evolving corporate policies. Microsoft’s initial threat stance and subsequent moderation reveal ongoing debates about the boundaries of vulnerability research and legal risks.

“The infection resulted in 73 repositories being flagged and taken offline in just over a minute, highlighting the effectiveness of GitHub’s automated security system.”

— OpenSourceMalware


Unresolved Questions About Security Incidents

It remains unclear how extensively the Miasma worm has spread beyond the affected repositories, and whether other Microsoft packages or organizations have been compromised. The full impact of the TP-Link domain issue on devices is also still under investigation. Additionally, the long-term effects of the OpenSSL vulnerabilities depend on whether affected applications are in active use. The response from Microsoft to researcher NightmareEclipse’s exploits and potential policy changes is also still developing.


Upcoming Security Patches and Industry Responses

Microsoft is expected to release security patches addressing the recent vulnerabilities during the next Patch Tuesday cycle. Organizations should review their dependency management and supply chain security protocols in light of the recent incidents. The security community will likely scrutinize Microsoft’s handling of researcher disclosures and the evolving norms around vulnerability publication. Additionally, device manufacturers like TP-Link may implement stricter firmware validation processes to prevent similar issues.
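One concrete form of the dependency review recommended above, added here as an example and not code from any of the projects mentioned: verify a downloaded artifact against pip's hash-pinned requirements format (`--hash=sha256:...`), so that a package substituted on the index, as happened with the infected packages in the Miasma incident, fails before it is installed. The package name, artifact bytes and hash are constructed for this example.

```python
import hashlib
import re

# Constructed package artifact for this example; the name, bytes and hash
# below are not from any real release.
GOOD_ARTIFACT = b"constructed wheel bytes for examplepkg 1.0.0\n"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


# Same layout pip accepts with --require-hashes: one requirement per logical
# line, continuation lines joined by a trailing backslash.
LOCKFILE = f"""# constructed requirements.txt with pinned hashes
examplepkg==1.0.0 \\
    --hash=sha256:{sha256_hex(GOOD_ARTIFACT)}
"""

REQ_RE = re.compile(r"^([A-Za-z0-9_.-]+)==(\S+)")
HASH_RE = re.compile(r"--hash=sha256:([0-9a-f]{64})")


def parse_lockfile(text: str) -> dict[str, tuple[str, set[str]]]:
    """Map package name -> (pinned version, allowed sha256 digests).

    Raises ValueError for a requirement without a hash, mirroring pip's
    refusal to install from a hash-checking requirements file in that case.
    """
    pins: dict[str, tuple[str, set[str]]] = {}
    buf = ""
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        if line.endswith("\\"):
            buf += line[:-1] + " "
            continue
        entry = (buf + line).strip()
        buf = ""
        if not entry:
            continue
        m = REQ_RE.match(entry)
        if not m:
            raise ValueError(f"unsupported requirement line: {entry!r}")
        name, version = m.group(1).lower(), m.group(2)
        digests = set(HASH_RE.findall(entry))
        if not digests:
            raise ValueError(f"no sha256 pin for {name}=={version}")
        pins[name] = (version, digests)
    return pins


def verify_artifact(pins: dict, name: str, data: bytes) -> bool:
    """True only if the artifact's sha256 is one of the pinned digests."""
    _version, digests = pins[name.lower()]
    return sha256_hex(data) in digests


if __name__ == "__main__":
    pins = parse_lockfile(LOCKFILE)
    # A byte-for-byte identical artifact passes; a re-published one with any
    # change, however small, is rejected before it reaches the build.
    print("good artifact ok:", verify_artifact(pins, "examplepkg", GOOD_ARTIFACT))
    tampered = GOOD_ARTIFACT + b"# extra bytes\n"
    print("tampered artifact ok:", verify_artifact(pins, "examplepkg", tampered))
```

The same guarantee is what `pip install --require-hashes -r requirements.txt` gives a build: a digest mismatch stops the install rather than a post-hoc scan catching it, which is the difference between a disrupted build and a compromised one.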


Key Questions

What is the Miasma worm and how does it infect repositories?

The Miasma worm is a malware strain that compromises open source packages, leading to infected repositories being flagged by automated security systems. It mainly targets supply chain components, such as Microsoft’s Durabletask package.

How critical is the GitHub token vulnerability fix?

The fix addresses a flaw that could allow attackers to steal user authentication tokens via the embedded VSCode environment, potentially gaining access to all repositories. It is highly recommended to update immediately.

What is the significance of the TP-Link domain discovery?

The discovery involves devices checking in with outdated or unregistered domains, but the full security implications are still being evaluated. Registering the domain helps mitigate potential misuse.

Should I update OpenSSL now?

Yes. The vulnerabilities, especially the use-after-free bug, could be exploited in affected applications. Applying the latest updates is advised for all users of OpenSSL.

What does NightmareEclipse’s return mean for Windows security?

The researcher’s exploits highlight ongoing vulnerabilities in Windows Defender and BitLocker. Microsoft’s response and future patch plans will be critical in addressing these issues.

Source: Hackaday
