New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution

October 11, 2024 at 03:27AM GitLab has released security updates for its Community and Enterprise Editions, addressing eight vulnerabilities, including a critical one (CVE-2024-9164) with a CVSS score of 9.6, allowing unauthorized CI/CD pipeline execution. Users are urged to update their instances to mitigate potential threats, as ongoing vulnerabilities have recently been disclosed. …

CISA warns of Jenkins RCE bug exploited in ransomware attacks

August 19, 2024 at 03:22PM CISA warns of a critical Jenkins vulnerability (CVE-2024-23897) exploited for remote code execution. Multiple PoCs have been published online, with over 28,000 exposed instances. Trend Micro reports exploitation started in March, with recent breaches affecting Indian banks. CISA orders FCEB agencies to secure servers by September 9, urging all organizations to prioritize fixing …

Turning Jenkins Into a Cryptomining Machine From an Attacker’s Perspective

July 5, 2024 at 05:04AM Summary: The blog entry discusses how attackers can use the Jenkins Script Console for cryptomining by executing malicious Groovy scripts if the console is not properly configured. Misconfigurations and vulnerable Jenkins servers can enable remote code execution and the deployment of cryptocurrency miners. The entry also provides mitigations and indicators …

Critical GitLab bug lets attackers run pipelines as any user

June 27, 2024 at 10:57AM A critical vulnerability affecting certain versions of GitLab allows running pipelines as any user, with a severity score of 9.6 out of 10. It impacts versions from 15.8 through 16.11.4, 17.0.0 to 17.0.2, and 17.1.0 to 17.1.0, with updates to versions 17.1.1, 17.0.3, and 16.11.5 available. Two breaking changes and …

26 Security Issues Patched in TeamCity

March 29, 2024 at 07:18AM JetBrains released TeamCity 2024.03, addressing 26 security issues and introducing semi-automatic security updates. They emphasized not sharing vulnerability details to protect clients using older versions. The update patches seven CVEs, including a high-severity flaw enabling bypass of two-factor authentication. JetBrains’ cautious approach follows a recent incident of a critical flaw …

Rootkit Turns Kubernetes From Orchestration to Subversion

November 22, 2023 at 11:26AM Kubernetes, a popular orchestration platform for containerized software environments, has become a target for attackers. While most attacks have focused on stealing cloud compute resources for cryptocurrency mining, security researchers warn that rootkit infections could give attackers greater control over Kubernetes clusters. These rootkits can hide malicious containers and perform …

Software Vulnerabilities Are on the Decline, According to New Synopsys Research

November 14, 2023 at 09:45PM Synopsys, Inc. has released the 2023 Software Vulnerability Snapshot report, which shows a decrease in vulnerabilities found in target applications. The report suggests that code reviews, automated testing, and continuous integration are helping to reduce programming errors. However, relying on a single security testing solution is no longer sufficient, and …

North Korean Hackers Exploiting Recent TeamCity Vulnerability

October 19, 2023 at 07:06AM Multiple North Korean threat actors, including Diamond Sleet and Onyx Sleet, have been targeting vulnerable TeamCity servers using the CVE-2023-42793 vulnerability, which allows remote code execution and admin-level access. Microsoft warns that these threat actors have a history of conducting software supply chain attacks and pose a high risk to …