Researchers have identified 1,859 apps across Android and iOS containing hard-coded Amazon Web Services (AWS) credentials, posing a major security risk.
"Over three-quarters (77%) of the apps contained valid AWS access tokens allowing access to private AWS cloud services," Symantec's Threat Hunter team, a part of Broadcom Software, said in aΒ reportΒ shared with The Hacker News.
Interestingly, a
Atlassian has rolled out fixes to remediate a critical security vulnerability pertaining to the use of hard-coded credentials affectingΒ the Questions For ConfluenceΒ app for Confluence Server and Confluence Data Center.
The flaw, tracked as CVE-2022-26138, arises when the app in question is enabled on either of two services, causing it to create a Confluence user account with the username "