A breach data marketplace member has claimed to have gained access to the control panel of JIRA CRM backup of Chinese-owned, US-based business Motorola through malfunctions and errors.
According to the user under the alias LeakBase, the data includes admin panel data, which was exported in HTML format with screenshots. The leak site user claims that the data consists of various file formats, and the total size of the files is about 11GB.
Analysts who conducted the initial analysis of the data shared on the leak site indicate that the information is genuine. The Cyber Express has requested for a comment from Motorola.
The profile LeakBase has been active on the breach forum since March 2022. The Cyber Express earlier reported several of this leak site member’s posts, including that of German-managed IT service provider BITMARCK and US-based internet marketing service Purecars.
This is the latest cybersecurity instance in which both JIRA, the software application developed by the Australian software company Atlassian, and Motorola are under the security spotlight.
Motorola Mobility and cyber risks
Motorola, Inc. used to be a US-based multinational telecommunications company. However, after sustaining billion-dollar losses from 2007 to 2009, the company was split into two separate publicly traded companies, namely Motorola Mobility and Motorola Solutions, in 2011.
As part of the restructuring, Motorola Mobility was spun off, while Motorola Solutions became the legal successor to Motorola, Inc.
Motorola Mobility LLC, which made its products under the brand name Motorola, was acquired by Chinese technology company Lenovo in 2014.
At present, Motorola Mobility is primarily focused on manufacturing consumer electronics such as smartphones and other Android-based mobile devices, functioning as a subsidiary of Lenovo.
According to the leak site data, the information is that of Motorola Mobility. The website mentioned in the sample data, motorola.com, is the retail portal of Motorola Mobility.
Motorola Mobility was in the cybersecurity news in June 2022, after Checkpoint Research analysts discovered a vulnerability in the Tiger T700 chip – made by Chinese chipmaker Unisoc — that powers Moto G20, E30, and E40 devices that have been distributed across Europe in 2021.
The flaw arises when the cellular modem attempts to connect to an LTE network and involves the modem’s connection handler failing to verify a valid subscriber ID such as an IMSI, resulting in a stack overflow when a zero-digit field is read.
This could cause a denial of service attack or even allow for remote code execution if exploited. It is unclear whether other Unisoc AP chips use the same baseband modem with the same firmware, said the researchers.
JIRA, vulnerabilities, and security concerns
JIRA allows teams to track issues, manage projects, and automate workflows. In January, Atlassian issued an alert after finding the JIRA software vulnerable to cyberattacks.
The vulnerability, which affects the JIRA software, could potentially allow hackers to remotely execute arbitrary code on affected systems, said the company.
An authentication vulnerability was discovered in JIRA Service Management Server and Data Center which allows an attacker to impersonate another user and gain access to a JIRA Service Management instance under certain circumstances,” said the disclosure.
In October 2022, cybersecurity firm Bishop Fox reported two vulnerabilities in JIRA Align, which could potentially allow unauthorized access to the administrator area and compromise the company’s cloud infrastructure.
The vulnerabilities include a server-side request forgery (SSRF) flaw that could allow users to retrieve AWS credentials for Atlassian service accounts, and a weakness in the authorization mechanism for users, allowing them to gain administrator control over the JIRA Align tenant.
The combination of these vulnerabilities could lead to a significant attack on the cloud infrastructure of Atlassian, found the researchers.
Jake Shafer, the security consultant at Bishop Fox who discovered the flaw, explained that by exploiting the authorization flaw, a low-privileged user could elevate their role to super admin, gaining access to everything in the client’s JIRA deployment.