Continuous integration vendor Travis CI has patched a serious security flaw that exposed API keys, access tokens, and credentials, potentially putting organizations that use public source code repositories at risk of further attacks. The issue — tracked as CVE-2021-41077 — concerns unauthorized access and plunder of secret environment data associated with a public open-source … [Read more...] about Travis CI Flaw Exposes Secrets of Thousands of Open Source Projects
Flaw
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted … [Read more...] about Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
A Critical Random Number Generator Flaw Affects Billions of IoT Devices
A critical vulnerability has been disclosed in hardware random number generators used in billions of Internet of Things (IoT) devices whereby it fails to properly generate random numbers, thus undermining their security and putting them at risk of attacks. "It turns out that these 'randomly' chosen numbers aren't always as random as you'd like when it comes to IoT devices," … [Read more...] about A Critical Random Number Generator Flaw Affects Billions of IoT Devices
North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
South Korea's state-run Korea Atomic Energy Research Institute (KAERI) on Friday disclosed that its internal network was infiltrated by suspected attackers operating out of its northern counterpart. The intrusion is said to have taken place on May 14 through a vulnerability in an unnamed virtual private network (VPN) vendor and involved a total of 13 IP addresses, one of which … [Read more...] about North Korea Exploited VPN Flaw to Hack South’s Nuclear Research Institute
New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
New research into 5G architecture has uncovered a security flaw in its network slicing and virtualized network functions that could be exploited to allow data access and denial of service attacks between different network slices on a mobile operator's 5G network. AdaptiveMobile shared its findings with the GSM Association (GSMA) on February 4, 2021, following which the … [Read more...] about New 5G Flaw Exposes Priority Networks to Location Tracking and Other Attacks
Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
Application security company F5 Networks on Wednesday published an advisory warning of four critical vulnerabilities impacting multiple products that could result in a denial of service (DoS) attack and even unauthenticated remote code execution on target networks. The patches concern a total of seven related flaws (from CVE-2021-22986 through CVE-2021-22992), two of which were … [Read more...] about Critical Pre-Auth RCE Flaw Found in F5 Big-IP Platform — Patch ASAP!
Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
Cybersecurity researchers have warned of a publicly available fully-functional exploit that could be used to target SAP enterprise software. The exploit leverages a vulnerability, tracked as CVE-2020-6207, that stems from a missing authentication check in SAP Solution Manager (SolMan) version 7.2 SAP SolMan is an application management and administration solution that offers … [Read more...] about Beware! Fully-Functional Exploit Released Online for SAP Solution Manager Flaw
A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
An authentication bypass vulnerability in the SolarWinds Orion software may have been leveraged by adversaries as zero-day to deploy the SUPERNOVA malware in target environments. According to an advisory published yesterday by the CERT Coordination Center, the SolarWinds Orion API that's used to interface with all other Orion system monitoring and management products suffers … [Read more...] about A New SolarWinds Flaw Likely Had Let Hackers Install SUPERNOVA Malware
2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
cPanel, a provider of popular administrative tools to manage web hosting, has patched a security vulnerability that could have allowed remote attackers with access to valid credentials to bypass two-factor authentication (2FA) protection on an account. The issue, tracked as "SEC-575" and discovered by researchers from Digital Defense, has been remedied by the company in … [Read more...] about 2-Factor Authentication Bypass Flaw Reported in cPanel and WHM Software
Critical Unpatched VMware Flaw Affects Multiple Corporates Products
VMware has released temporary workarounds to address a critical vulnerability in its products that could be exploited by an attacker to take control of an affected system. "A malicious actor with network access to the administrative configurator on port 8443 and a valid password for the configurator admin account can execute commands with unrestricted privileges on the … [Read more...] about Critical Unpatched VMware Flaw Affects Multiple Corporates Products