Flaw – Page 8 – OWASP Jakarta

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover Feb 07, 2024NewsroomCybersecurity / Software Security JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors to take over susceptible instances. The vulnerability, tracked Read more

By adminowasp, 1 year ago

News

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network

Chinese Hackers Exploited FortiGate Flaw to Breach Dutch Military Network Feb 07, 2024NewsroomCyber Espionage / Network Security Chinese state-backed hackers broke into a computer network that’s used by the Dutch armed forces by targeting Fortinet FortiGate devices. “This [computer network] was used for unclassified research and development (R&D),” the Dutch Read more

By adminowasp, 1 year ago

News

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation

Recent SSRF Flaw in Ivanti VPN Products Undergoes Mass Exploitation Feb 06, 2024NewsroomCybersecurity / Vulnerability A recently disclosed server-side request forgery (SSRF) vulnerability impacting Ivanti Connect Secure and Policy Secure products has come under mass exploitation. The Shadowserver Foundation said it observed exploitation attempts originating from more than 170 unique Read more

By adminowasp, 1 year ago

News

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw

New Mispadu Banking Trojan Exploiting Windows SmartScreen Flaw Feb 05, 2024NewsroomMalware / Financial Security The threat actors behind the Mispadu banking Trojan have become the latest to exploit a now-patched Windows SmartScreen security bypass flaw to compromise users in Mexico. The attacks entail a new variant of the malware that Read more

By adminowasp, 1 year ago

News

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros

New Glibc Flaw Grants Attackers Root Access on Major Linux Distros Jan 31, 2024NewsroomVulnerability / Endpoint Security Malicious local attackers can obtain full root access on Linux machines by taking advantage of a newly disclosed security flaw in the GNU C library (aka glibc). Tracked as CVE-2023-6246, the heap-based buffer Read more

By adminowasp, 1 year ago

News

URGENT: Upgrade GitLab – Critical Workspace Creation Flaw Allows File Overwrite

URGENT: Upgrade GitLab – Critical Workspace Creation Flaw Allows File Overwrite Jan 30, 2024NewsroomDevSecOps / Vulnerability GitLab once again released fixes to address a critical security flaw in its Community Edition (CE) and Enterprise Edition (EE) that could be exploited to write arbitrary files while creating a workspace. Tracked as Read more

By adminowasp, 1 year ago

News

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems

Critical Cisco Flaw Lets Hackers Remotely Take Over Unified Comms Systems Jan 26, 2024NewsroomNetwork Security / Vulnerability Cisco has released patches to address a critical security flaw impacting Unified Communications and Contact Center Solutions products that could permit an unauthenticated, remote attacker to execute arbitrary code on an affected device. Read more

By adminowasp, 1 year ago

News

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks

Apache ActiveMQ Flaw Exploited in New Godzilla Web Shell Attacks Jan 22, 2024NewsroomVulnerability / Malware Cybersecurity researchers are warning of a “notable increase” in threat actor activity actively exploiting a now-patched flaw in Apache ActiveMQ to deliver the Godzilla web shell on compromised hosts. “The web shells are concealed within Read more

By adminowasp, 2 years ago

News

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years

Chinese Hackers Silently Weaponized VMware Zero-Day Flaw for 2 Years Jan 20, 2024NewsroomZero Day / Cyber Espionage An advanced China-nexus cyber espionage group previously linked to the exploitation of security flaws in VMware and Fortinet appliances has been linked to the abuse of a critical vulnerability in VMware vCenter Server Read more

By adminowasp, 2 years ago

News

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks

TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks Jan 18, 2024NewsroomSupply Chain Attacks / AI Security Continuous integration and continuous delivery (CI/CD) misconfigurations discovered in the open-source TensorFlow machine learning framework could have been exploited to orchestrate supply chain attacks. The misconfigurations could be abused by an attacker to Read more

By adminowasp, 2 years ago