Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber … [Read more...] about Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
vulnerability
Researcher Releases PoC for Recent Java Cryptographic Vulnerability
A proof-of-concept (PoC) code demonstrating a newly disclosed digital signature bypass vulnerability in Java has been shared online. The high-severity flaw in question, CVE-2022-21449 (CVSS score: 7.5), impacts the following version of Java SE and Oracle GraalVM Enterprise Edition - Oracle Java SE: 7u331, 8u321, 11.0.14, 17.0.2, 18 Oracle GraalVM Enterprise Edition: 20.3.5, … [Read more...] about Researcher Releases PoC for Recent Java Cryptographic Vulnerability
Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded … [Read more...] about Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Spring4Shell Zero-Day Vulnerability: Overview and Alert
On March 29, 2022, a critical vulnerability targeting the Spring Java framework was disclosed by VMware. This severe vulnerability is identified as a separate vulnerability inside Spring Core, tracked as CVE-2022-22965 and canonically named “Spring4Shell” or “SpringShell”, leveraging class injection leading to a full remote code execution (RCE). The zero-day vulnerability has … [Read more...] about Spring4Shell Zero-Day Vulnerability: Overview and Alert
Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
The recently disclosed critical Spring4Shell vulnerability is being actively exploited by threat actors to execute the Mirai botnet malware, particularly in the Singapore region since the start of April 2022. "The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using 'chmod,'" Trend Micro researchers … [Read more...] about Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware
Spring4Shell: critical vulnerability in Spring
Researchers have discovered a critical vulnerability CVE-2022-22965, in Spring, an open source framework for the Java platform. Unfortunately, details about the vulnerability were leaked to the public before the official announcement was published and the relevant patches were released. The vulnerability immediately attracted attention of information security specialists, as it … [Read more...] about Spring4Shell: critical vulnerability in Spring
New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
CrowdStrike cloud security researchers discovered a new vulnerability (dubbed “cr8escape” and tracked as CVE-2022-0811) in the Kubernetes container engine CRI-O. CrowdStrike disclosed the vulnerability to Kubernetes, which worked with CRI-O to issue a patch that was released today. It is recommended that CRI-O users patch immediately. CrowdStrike customers are protected from … [Read more...] about New Vulnerability in CRI-O Container Engine (CVE-2022-0811)
New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
Details have emerged about a now-patched high-severity vulnerability in the Linux kernel that could potentially be abused to escape a container in order to execute arbitrary commands on the container host. The shortcoming resides in a Linux kernel feature called control groups, also referred to as cgroups version 1 (v1), which allows processes to be organized into hierarchical … [Read more...] about New Linux Kernel cgroups Vulnerability Could Let Attackers Escape Container
New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances
Researchers have disclosed details of a new security vulnerability in GitLab, an open-source DevOps software, that could potentially allow a remote, unauthenticated attacker to recover user-related information. Tracked as CVE-2021-4191 (CVSS score: 5.3), the medium-severity flaw affects all versions of GitLab Community Edition and Enterprise Edition starting from 13.0 and all … [Read more...] about New Security Vulnerability Affects Thousands of Self-Managed GitLab Instances
How the CrowdStrike Falcon Platform Automates Vulnerability Remediation
Adversaries are becoming more adept and sophisticated in their attacks. Taking advantage of vulnerabilities present in major software is often an attractive entry point for establishing a campaign within an enterprise environment. The CrowdStrike 2022 Global Threat Report highlights how adversaries continue to shift tradecraft and weaponize vulnerabilities to evade detection … [Read more...] about How the CrowdStrike Falcon Platform Automates Vulnerability Remediation