Security researchers have disclosed a security vulnerability in the VirusTotal platform that could have been potentially weaponized to achieve remote code execution (RCE). The flaw, now patched, made it possible to "execute commands remotely within VirusTotal platform and gain access to its various scans capabilities," Cysource researchers Shai Alfasi and Marlon Fabiano da … [Read more...] about Researchers Report Critical RCE Vulnerability in Google’s VirusTotal Platform
Critical
Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Atlassian has published a security advisory warning of a critical vulnerability in its Jira software that could be abused by a remote, unauthenticated attacker to circumvent authentication protections. Tracked as CVE-2022-0540, the flaw is rated 9.9 out of 10 on the CVSS scoring system and resides in Jira's authentication framework, Jira Seraph. Khoadha of Viettel Cyber … [Read more...] about Atlassian Drops Patches for Critical Jira Authentication Bypass Vulnerability
Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Researchers have disclosed a previously undocumented local file inclusion (LFI) vulnerability in Hashnode, a developer-oriented blogging platform, that could be abused to access sensitive data such as SSH keys, server's IP address, and other network information. "The LFI originates in a Bulk Markdown Import feature that can be manipulated to provide attackers with unimpeded … [Read more...] about Critical LFI Vulnerability Reported in Hashnode Blogging Platform
Spring4Shell: critical vulnerability in Spring
Researchers have discovered a critical vulnerability CVE-2022-22965, in Spring, an open source framework for the Java platform. Unfortunately, details about the vulnerability were leaked to the public before the official announcement was published and the relevant patches were released. The vulnerability immediately attracted attention of information security specialists, as it … [Read more...] about Spring4Shell: critical vulnerability in Spring
Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
The maintainers of Spring Framework have released an emergency patch to address a newly disclosed remote code execution flaw that, if successfully exploited, could allow an unauthenticated attacker to take control of a targeted system. Tracked as CVE-2022-22965, the high-severity flaw impacts Spring Framework versions 5.3.0 to 5.3.17, 5.2.0 to 5.2.19, and other older, … [Read more...] about Security Patch Releases for Critical Zero-Day Bug in Java Spring Framework
U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide
The U.S. government on Thursday released a cybersecurity advisory outlining multiple intrusion campaigns conducted by state-sponsored Russian cyber actors from 2011 to 2018 that targeted the energy sector in the U.S. and beyond. "The [Federal Security Service] conducted a multi-stage campaign in which they gained remote access to U.S. and international Energy Sector networks, … [Read more...] about U.S. Charges 4 Russian Govt. Employees Over Hacking Critical Infrastructure Worldwide
Introducing the new ‘Defending Against Critical Threats’ report
Today, we’re pleased to launch our annual Defending Against Critical Threats report. Inside, we cover the most significant vulnerabilities and incidents of 2021, with expert analysis, insights and predictions from our security and threat intelligence teams across Cisco Talos, Duo Security, Kenna Security, and Cisco Umbrella. It’s clear that 2021 – and, indeed, the start of 2022 … [Read more...] about Introducing the new ‘Defending Against Critical Threats’ report
Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking
Researchers have disclosed details of critical security vulnerabilities in TerraMaster network-attached storage (TNAS) devices that could be chained to attain unauthenticated remote code execution with the highest privileges. The issues reside in TOS, an abbreviation for TerraMaster Operating System, and "can grant unauthenticated attackers access to the victim's box simply by … [Read more...] about Critical Bugs in TerraMaster TOS Could Open NAS Devices to Remote Hacking
Defending Against Critical Threats: Analyzing Key Trends, Part 2
In the second of this three-part blog series, we look at some more highlights from our annual “Defending Against Critical Threats” webinar covering Log4J, Emotet, and the rise of Mac OS malware. Be sure to watch the videos for a more in-depth analysis. The Cisco Talos Incident Response team (CTIR) were on the front lines of helping our customers tackle the Log4J vulnerability … [Read more...] about Defending Against Critical Threats: Analyzing Key Trends, Part 2
Defending Against Critical Threats: Analyzing Key Trends, Part 1
Earlier this year we held a live broadcast, featuring cybersecurity threat analysts from across Cisco Secure. We discussed the most significant cyber threats of 2021, what we’re seeing now, and how defenders can best protect their organizations in the year ahead. In the first of this three-part series, we’ve compiled some brief highlights from the broadcast. Be sure to watch … [Read more...] about Defending Against Critical Threats: Analyzing Key Trends, Part 1