Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Vulnerability

sysdig

Sysdig integration with Backstage

Mar 11, 2024 By Joseph Yostos In Sysdig
Developers are frequently tasked with working with multiple tools in the cloud-native era. Each of these tools plays a crucial role in the application life cycle, from development to deployment and operations. However, the sheer variety and diversity of these tools can increase the likelihood of errors or the accidental inclusion of critical vulnerabilities and misconfigurations.
Read Post
indusface

OWASP Top 10 for LLM Applications - Critical Vulnerabilities and Risk Mitigation

Mar 11, 2024 By Vinugayathri Chinnasamy In Indusface
GPT’s debut created a buzz, democratizing AI beyond tech circles. While its language expertise offers practical applications, security threats like malware and data leaks pose challenges. Organizations must carefully assess and balance the benefits against these security risks. Ensuring your safety while maximizing the benefits of Large Language Models(LLMs) like ChatGPT involves implementing practical actions and preparing for current and future security challenges.
Read Post
kroll

JetBrains TeamCity Vulnerabilities (CVE-2024-27198 and CVE-2024-27199) Exploited

Mar 11, 2024 By Kroll In Kroll
Two critical vulnerabilities have been discovered and patched in TeamCity, a build management and continuous integration server from JetBrains. These vulnerabilities are being tracked as CVE-2024-27198 and CVE-2024-27199 and impact all TeamCity On-Premises versions through 2023.11.3. They are reportedly being actively exploited as of March 6, 2024, with a fix is available in version 2023.11.4, which was released Monday, March 4.
Read Post
Arctic Wolf

2024-27198 and CVE-2024-27199: Authentication Bypass RCE Vulnerabilities Affecting On-Premises Servers of TeamCity

Mar 11, 2024 By Andres Ramos In Arctic Wolf
On March 3, 2024, JetBrains published a blog post describing two authentication bypass vulnerabilities affecting the On-Premises Servers of TeamCity. An unauthenticated threat actor with HTTP(S) access to a TeamCity Server can exploit these vulnerabilities to bypass authentication and gain administrative control of a TeamCity Server. CVE-2024-27198 (CVSS 9.8): Alternative path issue in the web component of TeamCity that can lead to remote code execution (RCE). CVE-2024-27199 (CVSS 7.3)
Read Post
Arctic Wolf

CVE-2024-0692: High Severity Remote Code Execution Vulnerability Affecting SolarWinds Security Event Manager

Mar 11, 2024 By Andres Ramos In Arctic Wolf
On March 1, 2024, SolarWinds published a security advisory reporting that SolarWinds Security Event Manager (SEM) is vulnerable to a high severity vulnerability that allows an unauthenticated threat actor to achieve remote code execution (RCE), CVE-2024-0692. The vulnerability lies in the configuration of the AMF deserialization endpoints. Exploitation can occur due to insufficient validation of user-provided data, allowing untrusted data to be deserialized.
Read Post
detectify

Significant changes to attack surface overview and many new tests

Mar 8, 2024 By Victor Arellano In Detectify
The new attack surface overview puts the changes and potential risky exposures to your attack surface front and center. But that’s not all we’ve shipped in February. We’ve improved our Azure domain connector, simplifying onboarding for those users, and sent dozens of new vulnerability tests, such as CVE-2024-27199: TeamCity Authentication Bypass and CVE-2024-21893: Ivanti Connect Secure, Policy Secure SSRF.
Read Post

Hunting Exploitation of SmartScreen and Streaming Service CVEs | Threat SnapShot

Mar 8, 2024 By SnapAttack In SnapAttack
Let's face it - if patch management was a silver bullet then we wouldn't need vulnerability management, and threat actors know this. Vulnerabilities get picked up by threat actors and exploited as 1-days. In this week's Threat SnapShot, we'll look at a few recent Windows vulnerabilities that have been added to the CISA Known Exploited Vulnerability catalog and are actively used by threat actors like Water Hydra and Raspberry Robin. The first, a SmartScreen bypass (CVE-2023-36025 and CVE-2024-21412), allows code execution through crafted short links.
View Video
Snyk

Understanding the RSA-based Marvin Attack

Mar 7, 2024 By Vandana Verma Sehgal In Snyk
The Marvin Attack, named after the vulnerability it exploits, poses a significant threat to systems relying on RSA encryption and signing operations. It's a variation of the Bleichenbacher attack, which exploits errors in PKCS #1 v1.5 padding to perform adaptive-chosen ciphertext attacks. The attack leverages timing information obtained from RSA encryption or signing operations.
Read Post
splunk

Security Insights: JetBrains TeamCity CVE-2024-27198 and CVE-2024-27199

Mar 7, 2024 By Splunk Threat Research Team In Splunk
Two critical vulnerabilities have been exposed in JetBrains TeamCity On-Premises versions up to 2023.11.3. Identified by Rapid7’s vulnerability research team in February 2024, CVE-2024-27198 and CVE-2024-27199 pose a significant threat, enabling unauthenticated attackers to potentially gain administrative control or execute code remotely on affected TeamCity servers.
Read Post

Understand Security Misconfiguration | OWASP Top 10

Mar 7, 2024 By VISTA InfoSec In VISTA InfoSec
🔒 Unlocking Secure Software: Understanding Security Misconfiguration 🔒 In this OWASP Top 10 video, we delve into the critical topic of Security Misconfiguration (A05). 🛡️ Security Misconfiguration poses a significant risk in the OWASP Top 10. It occurs when applications or systems are configured with errors, leaving them vulnerable to exploitation by malicious actors. Whether it’s unchanged default settings or outdated software, these misconfigurations can have dire consequences.
View Video

Copyright © 2024 OpsMatters™. All rights reserved.