CyberWire Daily: Leaked Target Code, Gogs Vulnerability, SAP Flaws, and AI Security

Leaked Target Source Code

• 🎯 Target employees have confirmed that recently leaked source code and documentation appear authentic, featuring internal platform names and proprietary project identifiers.
• 🔒 Target implemented an accelerated security change, restricting Git server access to corporate networks or VPNs only, following the leak.
• ⚠️ The source of the leak is unclear, though a compromised employee workstation with info stealer malware was reported, with no confirmed direct link to the leaked code.

Critical Vulnerabilities and Patches

• 🚫 CISA has ordered federal agencies to stop using or lock down Gogs, an open-source Git service, due to a high-severity path traversal vulnerability that allows arbitrary file overwrites and remote code execution.
• 🚨 SAP released 17 security notes, including fixes for four critical vulnerabilities, notably a SQL injection flaw in S4 HANA and remote code execution in WY introscope.
• 💻 Researchers discovered several flaws, with SAP customers urged to apply patches promptly as exposed systems are high-value targets.

Espionage and International Cyber Incidents

• 🇸🇪 Swedish authorities detained a former IT consultant suspected of spying for Russian intelligence, with alleged activity dating back to 2022.
• 🇮🇹 Cloudflare is threatening to scale back operations in Italy after a roughly 14 million euro fine for failing to comply with the country's antipiracy system, which the company argues lacks judicial oversight.

Emerging Threats and Defense Tools

• 📶 A flaw in Broadcom wireless chipsets can allow attackers to repeatedly disable the 5 GHz Wi-Fi band on affected routers, regardless of security settings.
• 🔍 Mandiant released Aura Inspector, an open-source tool to help Salesforce administrators identify misconfigurations that could expose sensitive data, focusing on access control issues.
• 💳 A large-scale Magecart-style digital skimming campaign has been operating since 2022, targeting checkout pages of major payment networks with malicious JavaScript.
• 🎣 Attackers are increasingly using the browser-in-the-browser phishing technique to steal Facebook account credentials through fake login pop-ups.

Securing Agentic AI

• 🤖 NIST is seeking public input on how to secure agentic artificial intelligence systems, which combine generative models with software for planning and autonomous action.
• ⚠️ NIST warns of unique threats including hijacking, data poisoning, and prompt injection, aiming to develop guidelines before these systems become deeply embedded in high-impact operations.