Weekly Security Updates: Anthropic, Coinbase, and Incident Tracking
In the rapidly evolving digital landscape, ensuring the security of our systems has become more crucial than ever. Recent discoveries of vulnerabilities in MCP Inspector and Filesystem MCP Server have highlighted the need for robust security measures.
Firstly, let's address the vulnerability in Anthropic's MCP Inspector (CVE-2025-49596). This flaw allows arbitrary code execution if the tool is exposed to the open internet. To protect against this, network isolation is key: MCP Inspector should only be run on secure networks and never exposed to the open internet. Additionally, robust authentication and authorization mechanisms, port configuration, and regular updates are essential to maintain security. Anthropic has since released version 0.14.1 of MCP Inspector, which adds session token and origin verification to prevent the attack.
The Filesystem MCP Server also has two vulnerabilities: a path traversal flaw and a symlink handling issue. These can lead to privilege escalation if the server runs with higher privileges than the user. To mitigate these risks, implementing Access Control Lists (ACLs), OAuth and JSON-RPC security best practices, network segmentation, monitoring and logging, and regular security audits are recommended.
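The two bug classes named above, shown as an added Node.js example (not the Filesystem MCP Server's own code): a string-prefix directory check beside a check that resolves symlinks and compares by path component. The function names and the temporary directory layout are constructed for illustration.

```javascript
const fs = require("fs");
const os = require("os");
const path = require("path");

// Naive check (for contrast): string prefix on the unresolved path.
// Accepts sibling directories sharing the prefix and ignores symlinks.
function naiveIsAllowed(allowedDir, requested) {
  return path.resolve(requested).startsWith(allowedDir);
}

// Hardened check: resolve symlinks on both sides, then compare by path
// component with path.relative instead of a string prefix.
function isAllowed(allowedDir, requested) {
  let root, target;
  try {
    root = fs.realpathSync(allowedDir);
    target = fs.realpathSync(path.resolve(root, requested));
  } catch {
    return false; // nonexistent or unreadable paths are rejected
  }
  const rel = path.relative(root, target);
  const escapes = rel === ".." || rel.startsWith(".." + path.sep) || path.isAbsolute(rel);
  return !escapes;
}

// Constructed sandbox: an allowed root, a sibling directory that shares its
// name prefix, and a symlink inside the root pointing at the sibling.
function buildDemo() {
  const base = fs.realpathSync(fs.mkdtempSync(path.join(os.tmpdir(), "fsdemo-")));
  const allowed = path.join(base, "data");
  const sibling = path.join(base, "data_private");
  fs.mkdirSync(allowed);
  fs.mkdirSync(sibling);
  fs.writeFileSync(path.join(allowed, "ok.txt"), "public");
  fs.writeFileSync(path.join(sibling, "secret.txt"), "private");
  fs.symlinkSync(sibling, path.join(allowed, "link"));
  return { allowed, sibling };
}

// Runs both checks over three requests and returns the verdicts.
function runDemo() {
  const { allowed, sibling } = buildDemo();
  const cases = { inside: path.join(allowed, "ok.txt"),
                  prefixSibling: path.join(sibling, "secret.txt"),
                  viaSymlink: path.join(allowed, "link", "secret.txt") };
  const out = {};
  for (const [name, p] of Object.entries(cases))
    out[name] = { naive: naiveIsAllowed(allowed, p), hardened: isAllowed(allowed, p) };
  return out;
}
```

A check like this still leaves a window between validation and use, so the file should be opened through the resolved path, and the server should run with no more privilege than the user it serves.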
The localhost bypass exploit is a significant concern, as it allows websites to access localhost on macOS and Linux machines. To protect against this, browser security updates are essential. Using proxy servers and DNS rebinding protection can also help prevent attackers from manipulating DNS records to bypass security controls.
In other news, Coinbase faced a ransom demand of $20 million from cyber-criminals who had gained access to outsourced customer support. Coinbase publicly refused to pay the ransom and instead offered a $20 million reward for information on the criminals. Unfortunately, this offer led to social engineering and spearphishing attacks. Coinbase suffered a data breach earlier this year, in which nearly 70,000 users had their personal data, including names, addresses, and phone numbers, stolen. The breach was not due to a technical flaw or malware, but to insiders or outsiders with access to internal systems.
Lastly, an AppLocker bypass was discovered on a Lenovo machine, allowing executables to be run by injecting them into an Alternate Data Stream (ADS), bypassing the AppLocker whitelist. Instagram has an unusual SSL certificate rotation scheme, with certificates lasting 53 days and being deployed for one day every 45 days. A VPN Gateway pre-shared key was accessible to some Azure roles, but this has since been fixed. Azure's Managed Applications Reader role has access to deployments, jitRequests, and a broad range of actions. Ten roles in Azure have access to the broad read everything permission.
By implementing these measures, you can significantly reduce the risk posed by these security threats. Stay vigilant, stay secure.
- In the realm of open source technology, especially Linux-based systems, implementing strong security measures is vital, such as using secure networks, robust authentication, and regular updates, as demonstrated by Anthropic's response to the MCP Inspector vulnerability.
- In data-and-cloud computing, businesses must address potential threats, like the path traversal and symlink handling issues found in the Filesystem MCP Server. To mitigate these risks, implement Access Control Lists (ACLs), OAuth and JSON-RPC security best practices, network segmentation, monitoring and logging, and regular security audits.
- Cybersecurity is also essential in the finance sector, as seen with Coinbase's data breach earlier this year, where user data was compromised due to insider or outsider access to internal systems. To prevent such incidents, maintaining browser security and utilizing DNS rebinding protection is crucial.
- Lastly, companies like Lenovo must ensure their technology solutions, such as AppLocker, are secure against bypasses, as discovered in the ADS-injected executable exploit. Businesses should be aware of potential vulnerabilities within their technology infrastructure and continuously work to address them.