Cybersecurity Roundup for the Week of 10.10.2022: Thoma Bravo Completes Yet Another Acquisition, More API Vulnerabilities, and a US Airport Cyberattack

This week, Thoma Bravo, Vista Equity and Thales made headlines with their latest rounds of acquisitions. Aqua Security reported that private npm packages can be exposed by a vulnerability in API architecture, which highlights the importance of including API security platforms in the cybersecurity toolchain. We also saw the outcome of Killnet’s most recent DDoS attacks on US infrastructure, in which the pro-Russian group achieved limited impact but still called on similar groups to carry out similar attacks. And Toyota issued an apology and notice about a vulnerability created by subcontractor human error.

Thoma Bravo Acquires ForgeRock

These days, the cybersecurity industry has become accustomed to frequent acquisitions, and the latest is no surprise. The week began with Thoma Bravo making news yet again, this time by acquiring ForgeRock, the third identity company it has purchased this year.

As reported by TechCrunch:

“Today the firm announced its intention to acquire ForgeRock for $2.3 billion, the third company it has purchased in this category this year. In April it acquired SailPoint for $6.9 billion, and in August it snagged Ping Identity for $2.8 billion. That’s a $12 billion investment to basically build a software category in-house.

With ForgeRock, it’s getting a 12-year-old identity management company that raised over $230 million, per Crunchbase.”

Chip Virnig, a partner at Thoma Bravo, acknowledged that the firm favors identity-centric approaches to security. “Identity-centric cybersecurity solutions are a critical enabler for businesses to digitally transform their operations, and ForgeRock’s solutions combine both the advanced security and customer usability needed in the market,” he said in the press release.

As for the financial specifics, Thoma Bravo paid $23.25 per share, which represented a 53% premium over the stock’s closing price on Monday.

Other notable acquisitions include Vista Equity’s purchase of KnowBe4 and Thales’s acquisition of Excellium and S21sec.

Security Researchers at Aqua Nautilus Identify a Vulnerable API That Could Expose npm Packages

*originally reported by Aqua Security

API vulnerabilities can (and often do) expose sensitive and private data, and fixing such vulnerabilities after the fact is hard-won as a retrofit, which reinforces the need for proper API security coverage in your toolchain from the outset.

As discovered by Aqua Nautilus security researchers, a timing attack on the npm JavaScript package manager takes advantage of a vulnerable API to uncover private packages. According to Yakir Kadkoda, “by creating a list of possible package names, threat actors can detect organizations’ scoped private packages and then masquerade public packages, tricking employees and users into downloading them. This kind of attack is linked to a broader category of supply chain attacks.”

Take Note: The vulnerability was a flaw within API architecture

The Aqua Nautilus security researchers conclude that the flaw exists within the API architecture as a result of a caching mechanism. A statement from GitHub offered no fix for this API vulnerability: “Because of these architectural limitations, we cannot prevent timing attacks from determining whether a specific private package exists on npm

Such responses further validate the need for proper API cataloging and protection platforms, integrated into your API architecture, that use behavioral analytics to detect and block malicious traffic. In the ever-expanding threat landscape created by the explosion of API usage, it is unacceptable for security teams to ignore the need for adequate API security platforms as part of their security toolchain.
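Since the npm registry itself cannot close the timing side channel, the practical mitigation sits on the consuming side: make sure every private scope is pinned to the private registry and that nothing under that scope was ever resolved from the public one. The following audit script is an added example written for this post; it is not code from Aqua Security, GitHub or Traceable. It assumes the standard `.npmrc` convention of `@scope:registry=<url>` lines and the npm lockfile v2/v3 layout, where `packages` is keyed by install path and each entry carries a `resolved` URL. The scopes, registry hostnames, package names and lockfile contents are all constructed for illustration.

```javascript
// Added example (not from the original post): audit a project's .npmrc and
// package-lock.json so that every package under a private scope resolves to
// the organisation's private registry. A private scope that is unmapped, or a
// lockfile entry resolved from the public registry, is exactly the gap a
// same-named public package could slip through.

const PUBLIC_REGISTRY = "https://registry.npmjs.org/";

// Parse "@scope:registry=<url>" lines from an .npmrc into a scope -> registry map.
function parseNpmrcScopes(npmrcText) {
  const scopes = {};
  for (const raw of npmrcText.split("\n")) {
    const line = raw.trim();
    if (!line || line.startsWith("#") || line.startsWith(";")) continue;
    const m = line.match(/^(@[^:=\s]+):registry\s*=\s*(\S+)$/);
    if (m) scopes[m[1]] = m[2].endsWith("/") ? m[2] : m[2] + "/";
  }
  return scopes;
}

// Derive the package name from a lockfile v2/v3 "packages" key such as
// "node_modules/@acme/auth-sdk" or "node_modules/foo/node_modules/@acme/x".
function packageNameFromPath(path) {
  const marker = "node_modules/";
  return path.slice(path.lastIndexOf(marker) + marker.length);
}

// Check each locked package under a private scope against the .npmrc mapping.
function auditLockfile(lock, privateScopes, scopeRegistries) {
  const findings = [];
  for (const [path, entry] of Object.entries(lock.packages || {})) {
    if (path === "") continue; // the root project entry, not a dependency
    const name = entry.name || packageNameFromPath(path);
    if (!name.startsWith("@")) continue; // unscoped packages are not covered here
    const scope = name.slice(0, name.indexOf("/"));
    if (!privateScopes.includes(scope)) continue;

    const expected = scopeRegistries[scope];
    const resolved = entry.resolved || "";
    if (!expected) {
      findings.push({ name, issue: "scope-not-mapped", detail: `${scope} has no registry line in .npmrc` });
    } else if (resolved.startsWith(PUBLIC_REGISTRY)) {
      findings.push({ name, issue: "resolved-from-public", detail: resolved });
    } else if (!resolved.startsWith(expected)) {
      findings.push({ name, issue: "unexpected-registry", detail: resolved || "(no resolved URL)" });
    }
  }
  return findings;
}

// --- Constructed sample input (hypothetical scopes, registries and packages) ---
const SAMPLE_NPMRC = `
# scoped packages come from the internal registry
@acme:registry=https://npm.acme.example/
//npm.acme.example/:_authToken=\${NPM_TOKEN}
`;

const SAMPLE_LOCK = {
  name: "sample-app",
  lockfileVersion: 3,
  packages: {
    "": { name: "sample-app", version: "1.0.0" },
    "node_modules/@acme/auth-sdk": {
      version: "2.1.0",
      resolved: "https://npm.acme.example/@acme/auth-sdk/-/auth-sdk-2.1.0.tgz",
    },
    // A same-named package pulled from the public registry instead of the private one.
    "node_modules/@acme/billing": {
      version: "9.9.9",
      resolved: "https://registry.npmjs.org/@acme/billing/-/billing-9.9.9.tgz",
    },
    // A private scope that nobody mapped in .npmrc.
    "node_modules/@corp/tools": {
      version: "0.3.0",
      resolved: "https://registry.npmjs.org/@corp/tools/-/tools-0.3.0.tgz",
    },
    "node_modules/lodash": {
      version: "4.17.21",
      resolved: "https://registry.npmjs.org/lodash/-/lodash-4.17.21.tgz",
    },
  },
};

const PRIVATE_SCOPES = ["@acme", "@corp"];

// Run the audit over the constructed sample; returns the list of findings.
function runAudit() {
  return auditLockfile(SAMPLE_LOCK, PRIVATE_SCOPES, parseNpmrcScopes(SAMPLE_NPMRC));
}

console.log(JSON.stringify(runAudit(), null, 2));
```

On the sample input the audit reports two findings: `@acme/billing` was resolved from the public registry even though `@acme` is mapped privately, and `@corp/tools` belongs to a private scope that has no registry line at all. Wiring a check like this into CI, with the list of private scopes maintained alongside the `.npmrc`, turns a silent substitution into a failed build rather than a deployed dependency.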

Killnet Calls on Groups to Launch Additional Cyberattacks Against US Civilian Infrastructure

*As reported by darkreading.com

On Monday, pro-Russian threat group Killnet disrupted websites for US airports, including LAX, Chicago O’Hare, and Hartsfield-Jackson Atlanta International Airport, in a series of distributed denial-of-service (DDoS) attacks. Killnet also called on similar groups to execute DDoS attacks on additional US infrastructure; the attack appears intended to protest the US government’s support for Ukraine in its war with Russia.

Killnet’s DDoS attacks yield mixed results

The Killnet attacks exemplify a recent trend for geopolitical conflicts to spill into cybersecurity concerns, but come with mixed results. Most of these cyberattacks “by pro-Russian groups that impacted US organizations have not been nearly as disruptive as attacks by Russian groups against Ukrainian entities.” As reported by darkreading.com, “[w]hile the DDoS attacks made some of the sites inaccessible for several hours, they do not appear to have had any impact on airport operations.”

An Exposed Access Key Means Possible Data Theft for Toyota

*reported by Toyota

Because of an exposed access key, Toyota issued an apology and notice of possible leakage of customer information. The exposure of personally identifiable information (PII) was due to an access key being accessible on GitHub from December 2017 until September 15, 2022, having been mistakenly uploaded to GitHub by a “T-Connect” website development subcontractor.

The vulnerability created by these insufficient security practices further reinforces that following the OWASP API Security Top 10, along with adding an adequate API security platform to your toolchain, may prevent accidental data leaks from occurring in the first place.

About Traceable

Traceable is the industry’s leading API security platform that identifies APIs, evaluates API risk posture, stops API attacks, and provides deep analytics for threat hunting and forensic research. With visual depictions of API paths at the core of its technology, its platform applies the power of distributed tracing and machine learning models for API security across the entire software development lifecycle. Book a demo today.