Atlassian Patches Vulnerabilities in Bamboo, Bitbucket, Confluence, Crowd

September 19, 2024 at 08:36AM Atlassian addressed multiple high-severity vulnerabilities in Bamboo, Bitbucket, Confluence, and Crowd with patches. The vulnerabilities allowed attackers to cause denial-of-service conditions. The patches address security defects in various components and dependencies, with the company urging users to update their installations as soon as possible. None of these issues have been …

Juniper Networks Warns of Critical Authentication Bypass Vulnerability

July 1, 2024 at 07:28AM Juniper Networks issued an out-of-cycle security bulletin regarding a critical vulnerability, tracked as CVE-2024-2973, which can lead to an authentication bypass on Session Smart routers and conductor products. The company advised customers to upgrade affected systems to specific software versions and noted that the vulnerability has been automatically resolved on certain …

Google warns of actively exploited Pixel firmware zero-day

June 12, 2024 at 03:13PM Google has released patches for 50 security vulnerabilities affecting its Pixel devices. One flaw, CVE-2024-32896, has been targeted in zero-day attacks and is considered a high-severity issue. The company advises users of all supported Google devices to install the 2024-06-05 patch update. Pixel users must go to Settings > Security & privacy …

ZenHammer Attack Targets DRAM on Systems With AMD CPUs

March 26, 2024 at 11:00AM Researchers at ETH Zürich have demonstrated that Rowhammer attacks can be conducted against DDR4 and DDR5 memory on AMD Zen 2 and Zen 3 systems, despite mitigation efforts. They have named this variant ZenHammer and disclosed their findings to AMD, which has published a security bulletin and provided mitigation recommendations. …

Citrix Warns NetScaler ADC Customers of New Zero-Day Exploitation

January 17, 2024 at 05:06AM Citrix published a security bulletin revealing that two zero-day vulnerabilities in NetScaler ADC and Gateway products are being exploited. CVE-2023-6548 allows remote code execution, and CVE-2023-6549 enables DoS attacks. Citrix advises immediate patch installation. The vulnerabilities may be exploited in targeted attacks but are not expected to have significant …

Atlassian warns of critical RCE flaw in older Confluence versions

January 16, 2024 at 10:23AM Atlassian Confluence Data Center and Server had a critical remote code execution vulnerability (CVE-2023-22527) impacting versions released before December 5, 2023. The flaw allowed unauthenticated attackers to perform remote code execution. Atlassian fixed the vulnerability in later versions and advises users to install the latest version to protect against potential …

Sophos backports RCE fix after attacks on unsupported firewalls

December 12, 2023 at 12:36PM Sophos issued a backported security update for CVE-2022-3236 for end-of-life firewall firmware versions due to active exploitation by hackers. The flaw allows remote code execution in the User Portal and Webadmin. Despite automatic updates, over 4,000 devices remained vulnerable. Sophos advised updating to specific versions or using workarounds to mitigate …