The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2022-36804, the issue relates to a command injection vulnerability that could allow malicious actors … [Read more...] about CISA Warns of Hackers Exploiting Critical Atlassian Bitbucket Server Vulnerability
Critical
Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures
The Ukrainian government on Monday warned of "massive cyberattacks" by Russia targeting critical infrastructure facilities located in the country and that of its allies. The attacks are said to be targeting the energy sector, the Main Directorate of Intelligence of the Ministry of Defense of Ukraine (GUR) said. "By the cyberattacks, the enemy will try to increase the effect of … [Read more...] about Ukraine Says Russia Planning Massive Cyberattacks on its Critical Infrastructures
Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
Atlassian has rolled out fixes for a critical security flaw in Bitbucket Server and Data Center that could lead to the execution of malicious code on vulnerable installations. Tracked as CVE-2022-36804 (CVSS score: 9.9), the issue has been characterized as a command injection vulnerability in multiple endpoints that could be exploited via specially crafted HTTP requests. "An … [Read more...] about Critical Vulnerability Discovered in Atlassian Bitbucket Server and Data Center
SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products
Network security company SonicWall on Friday rolled out fixes to mitigate a critical SQL injection (SQLi) vulnerability affecting its Analytics On-Prem and Global Management System (GMS) products. The vulnerability, tracked as CVE-2022-22280, is rated 9.4 for severity on the CVSS scoring system and stems from what the company describes is an "improper neutralization of special … [Read more...] about SonicWall Issues Patch for Critical Bug Affecting its Analytics and GMS Products
Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
A critical security flaw has been uncovered in UNISOC's smartphone chipset that could be potentially weaponized to disrupt a smartphone's radio communications through a malformed packet. "Left unpatched, a hacker or a military unit can leverage such a vulnerability to neutralize communications in a specific location," Israeli cybersecurity company Check Point said in a report … [Read more...] about Critical UNISOC Chip Vulnerability Affects Millions of Android Smartphones
GitLab Issues Security Patch for Critical Account Takeover Vulnerability
GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. Tracked as CVE-2022-1680, the issue has a CVSS severity score of 9.9 and was discovered internally by the company. The security flaw affects all versions of GitLab Enterprise Edition (EE) starting from 11.10 before 14.9.5, all versions … [Read more...] about GitLab Issues Security Patch for Critical Account Takeover Vulnerability
Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. The issues, now fixed by its Israeli developer MCE Systems, could have potentially allowed threat actors to stage remote and local attacks or be abused as vectors to obtain sensitive information by taking advantage of their extensive system … [Read more...] about Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers
Quanta Cloud Technology (QCT) servers have been identified as vulnerable to the severe "Pantsdown" Baseboard Management Controller (BMC) flaw, according to new research published today. "An attacker running code on a vulnerable QCT server would be able to 'hop' from the server host to the BMC and move their attacks to the server management network, possibly continue and obtain … [Read more...] about Critical ‘Pantsdown’ BMC Vulnerability Affects QCT Servers Used in Data Centers
Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
Google on Thursday announced the creation of a new "Open Source Maintenance Crew" to focus on bolstering the security of critical open source projects. Additionally, the tech giant pointed out Open Source Insights as a tool for analyzing packages and their dependency graphs, using it to determine "whether a vulnerability in a dependency might affect your code." "With this … [Read more...] about Google Created ‘Open-Source Maintenance Crew’ to Help Secure Critical Projects
Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches
Cybersecurity researchers have detailed as many as five severe security flaws in the implementation of TLS protocol in several models of Aruba and Avaya network switches that could be abused to gain remote access to enterprise networks and steal valuable information. The findings follow the March disclosure of TLStorm, a set of three critical flaws in APC Smart-UPS devices that … [Read more...] about Critical TLStorm 2.0 Bugs Affect Widely-Used Aruba and Avaya Network Switches