JumpCloud Community

Community Update

• Juergen posted a script: Install Winget in the System Context and applications via Winget remotely
•  RNHurt just configured SSO for YouTrack and shared how they did it.
•  Krishnan, one of our PMs, gave a quick overview of Radius auth using Azure AD credentials
• SlimJim has conditional access questions—go take a look and see if you can help? (Try not to channel Macho Man Randy Savage, though.)

Meetup Update

• Singapore went well—accelerated growth makes us excited about expansion, especially in APAC
• DC meetup is coming up on Sept 13 for DattoCon attendees
• Link to all meetup groups

Apple News

• There was a lot to cover, so make sure you watch the show! We talked about the different versions of the Apple Watch (8, SE, and Ultra), AirPods Pro, and all the iPhones (14, Plus, and Pro)

IT News

We didn't have time to get to all of the news, so make sure you check it out because there were some data breaches and vulnerabilities. All of these are brief snippets. Click the headlines to go read the full articles on the original sites.

• Samsung Hit By Data Breach (itsecurityguru.org)
  In Late July, an undisclosed number of Samsung customers in the US had their personal information accessed by an unauthorised user.
  
  Samsung, the Korean electronics giant, said that it discovered the breach on 4th August 2022. It has since secured the affected systems, engaged a third-party security firm and contacted law enforcement.
  
  Samsung also said that those affected by the incident are entitled to one free credit report annually from each of the three major US credit reporting agencies.

• 1859 Apps Contain Hard-Coded AWS Credentials (itsecurityguru.org)
  Security researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials. This poses a huge security risk.
  
  Symantec’s Threat Hunter Team, a part of Broadcom Software, wrote in a report that “over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services.”
  
  Over 50% of the apps were found using the same AWS tokes found in other apps maintained by developers and companies. This could be an indication of a supply chain vulnerability.
  
  Additionally, the report found that five iOS banking apps, which rely on the same AI Digital Identity SDK, contained cloud credentials, basically leaking more than 300,000 users’ fingerprint information.

• Feds claw back $30 million of cryptocurrency stolen by North Korean hackers (ars technica)
  Cryptocurrency analytics firm Chainalysis said on Thursday that it helped the US government seize $30 million worth of digital coins that North Korean-backed hackers stole earlier this year from the developer of the non-fungible token-based game Axie Infinite.
  
  When accounting for the more than 50 percent fall in cryptocurrency prices since the theft occurred in March, the seizure represents only about 12 percent of the total funds stolen. The people who pulled off the heist transferred 173,600 ethereum worth about $594 million at the time and $25.5 million in USDC stablecoin, making it one of the biggest cryptocurrency thefts ever.
  
  
• New wave of data-destroying ransomware attacks hits QNAP NAS devices (ars technica)
  Network hardware-maker QNAP is urging customers to update their network-attached storage devices immediately to protect them from a new wave of ongoing ransomware attacks that can destroy terabytes of data in a single stroke. Singapore-based QNAP said recently that it has identified a new campaign from a ransomware group known as DeadBolt.
  The advisory applies to the following devices:
  • QTS 5.0.1: Photo Station 6.1.2 and later
  • QTS 5.0.0/4.5.x: Photo Station 6.0.22 and later
  • QTS 4.3.6: Photo Station 5.7.18 and later
  • QTS 4.3.3: Photo Station 5.4.15 and later
  • QTS 4.2.6: Photo Station 5.2.14 and later

• Chrome patches high-severity 0-day, its 6th this year (ars technica)
  Google engineers have issued an emergency update for the Chrome browser to fix a high-severity vulnerability that can be exploited with code that’s already available in the wild.
  
  The vulnerability, which Google disclosed on Friday, is the result of “insufficient data validation in Mojo,” a Chrome component for messaging across inter- and intra-process boundaries that exist between the browser and the operating system it runs on. The vulnerability, which is tracked as CVE-2022-3075, was reported to Google last Tuesday by an anonymous party.