May 21, 2024NewsroomVulnerability / Software Development GitHub has rolled out fixes to address a maximum severity flaw in the GitHub Enterprise Server (GHES) that could allow an attacker to bypass authentication protections. Tracked as CVE-2024-4985 (CVSS score: 10.0), the issue could permit unauthorized access to an instance without requiring prior authentication. "On … [Read more...] about Critical GitHub Enterprise Server Flaw Allows Authentication Bypass
Server
KeyTrap attack can take out a DNS server
A group of researchers representing several German universities and institutes have discovered a vulnerability in DNSSEC, a set of extensions to the DNS protocol designed to improve its security, and primarily to counter DNS spoofing. An attack they dubbed KeyTrap, which exploits the vulnerability, can disable a DNS server by sending it a single malicious data packet. Read on … [Read more...] about KeyTrap attack can take out a DNS server
SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks
Jan 25, 2024NewsroomRemote Access Trojan Cybersecurity researchers have shed light on the command-and-control (C2) server of a known malware family called SystemBC. "SystemBC can be purchased on underground marketplaces and is supplied in an archive containing the implant, a command-and-control (C2) server, and a web administration portal written in PHP," Kroll said in an … [Read more...] about SystemBC Malware’s C2 Server Analysis Exposes Payload Delivery Tricks
Vulnerability in Confluence Data Center and Confluence Server
Recently, CISA, the FBI, and MS-ISAC issued a joint advisory urging all organizations that use Confluence Data Center and Confluence Server to update the software immediately due to a major vulnerability. Here’s what the problem is and why this advisory is on point. CVE-2023-22515 in Confluence Data Center and Confluence Server The vulnerability in question, designated … [Read more...] about Vulnerability in Confluence Data Center and Confluence Server
Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
Microsoft on Friday disclosed it has made more improvements to the mitigation method offered as a means to prevent exploitation attempts against the newly disclosed unpatched security flaws in Exchange Server. To that end, the tech giant has revised the blocking rule in IIS Manager from ".*autodiscover\.json.*Powershell.*" to "(?=.*autodiscover\.json)(?=.*powershell)." The … [Read more...] about Microsoft Issues Improved Mitigations for Unpatched Exchange Server Vulnerabilities
CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors … [Read more...] about CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An … [Read more...] about Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Crypto Miners Using Tox P2P Messenger as Command and Control Server
Threat actors have begun to use the Tox peer-to-peer instant messaging service as a command-and-control method, marking a shift from its earlier role as a contact method for ransomware negotiations. The findings from Uptycs, which analyzed an Executable and Linkable Format (ELF) artifact ("72client") that functions as a bot and can run scripts on the compromised host using the … [Read more...] about Crypto Miners Using Tox P2P Messenger as Command and Control Server
New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
A new unpatched security vulnerability has been disclosed in the open-source Horde Webmail client that could be exploited to achieve remote code execution on the email server simply by sending a specially crafted email to a victim. "Once the email is viewed, the attacker can silently take over the complete mail server without any further user interaction," SonarSource said in a … [Read more...] about New Unpatched Horde Webmail Bug Lets Hackers Take Over Server by Sending Email
Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins—a popular open-source automation server software—have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted … [Read more...] about Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server