TLDR;
Preliminary analysis shows hardcoded auth information and admin creds, but all impacted systems are on the Apple corporate network, and possibly are not in use anymore due to the deprecation/age of the systems the leaked Atlassian plugins are designed for.
#apple
#infosec
The data provided by IntelBroker does not contain malicious contents per VirusTotal
Initial signs show that Apple-HWE-Confluence-Advanced is the source code for a custom internal Atlassian Confluence/Jira UI, to
For the final folder, AppleMacroPlugin, this is yet another Confluence plugin, however this is a custom developed plugin by
@CprimeInc
, an agile transformation company. The plugin does not appear to contain any sensitive information and looks to be a custom feature for Confluence
@RefinedSoftware
Based on the customizations made within the theme, the Confluence in question belongs to the Apple HMTS (Hardware, Manufacturing, and Test Solutions) team. HMTS team Apple branding is contained within the customization of the Confluence theme. (logo from data leak files below)
allow the development of custom branded, tailor-made platforms. The leaked data contains reference showing the data is a modified version of the
@RefinedSoftware
Advanced Theme Demo for Confluence.
For these plugins and their backend handlers, the software versions indicate version releases between ~2011-2015, which potentially reduces the impact this data has, due to the age and push from Atlassian to move into its cloud product offerings.
@Apple
The AppleConnect SSO codebase is built upon Atlassian Seraph, whose documentation and public documentation has not been updated since 2013, bringing to question when this code was last actually used. Within the AppleConnect SSO files, four folders are present:
The AppleConnect SSO files contain a default configuration file containing a default app ID, admin password, validation URL, and similar data, which appears to complete the necessary information for authentication to the Apple Retail Tech team's confluence.
All authentication endpoints provided within the codebase appear to be located within Apple's corporate network, and are not publicly accessible.
@Apple
will need to verify the validity of the credentials. The code contains links to internal documentation on
@_Gr4yb0x
@DarkWebInformer
Still in progress; however, I'll be real-time tweeting analysis information in a thread as the analysis and write-up is completed.
@Apple
The conf-auth contains the backend authentication handler for the Apple confluence and the aforementioned hardcoded credentials. ConfluenceSSORedirect is a custom Confluence Plugin. jira-auth is the backend authentication handler for the AppleConnect Jira integration, and
@malwrhunterteam
New webshell & automated exploit for the current WordPress discovered after active threat for a client's infrastructure. DM for details if you'd like. Uses custom code and installs a persistent presence, using a mix of old known shells and custom code.
October 14th, 2021 an angry RaidForum user,
@F_adelAwad
, leaked
@offsectraining
exam answers online. Today Offensive Security stated, due to the leak, exams will be postponed.
Image: Offensive Security Training announcement
If you are a Verizon Wireless customer in the United States, you've likely received a text message appearing to be sent from your own number within the last several days; you're not alone.
#cybersecurity
#verizonwireless
#phishing
#awareness
@CNNPolitics
@washingtonpost
@Reuters
it seems that the “Wait List” shown to many
#TruthSocial
users is actually a wait list for Trump's vetting team to decide if you meet the criteria for the platform. Notice the correspondence between the unapproved position and the wait list.