BianLian Threat Actors Exploiting JetBrains TeamCity Flaws in Ransomware Attacks

March 11, 2024 at 06:51AM Threat actors using BianLian ransomware exploit security flaws in JetBrains TeamCity software for extortion-only attacks. The cyberattack involves exploiting TeamCity vulnerabilities to gain initial access, deploying the BianLian backdoor, and using PowerShell for remote communication. VulnCheck also detailed PoC exploits for a critical flaw in Atlassian Confluence, indicating widespread exploitation. …

Critical TeamCity Vulnerability Exploitation Started Immediately After Disclosure

March 7, 2024 at 06:27AM In March, JetBrains announced patches for two critical vulnerabilities in TeamCity, leading to immediate exploitation attempts due to miscommunication between Rapid7 and JetBrains. Rapid7 disclosed the flaws to prevent silent patching, while JetBrains wanted customers to install patches first. Exploitation attempts were seen from numerous IPs, highlighting the urgency of …

VMware Issues Security Patches for ESXi, Workstation, and Fusion Flaws

March 6, 2024 at 03:15AM VMware has issued patches for four security flaws affecting ESXi, Workstation, and Fusion, including two critical bugs allowing code execution. The vulnerabilities, including use-after-free bugs in the XHCI USB controller, carry high CVSS scores. CVE-2024-22252 and CVE-2024-22253 were discovered by multiple security researchers and require immediate patching. Temporary workaround includes …

Critical Vulnerability Exposes TeamCity Servers to Takeover

March 5, 2024 at 07:06AM JetBrains has released patches for critical authentication bypass vulnerabilities in its TeamCity build management server. Tracked as CVE-2024-27198 and CVE-2024-27199, these flaws allow unauthenticated attackers to gain full control of the server, execute arbitrary code, and access sensitive information. A security fix is available in TeamCity version 2023.11.4. Customers are …

VMware urges admins to remove deprecated, vulnerable auth plug-in

February 20, 2024 at 04:05PM VMware warns administrators to remove a deprecated authentication plugin due to security vulnerabilities, enabling attackers to hijack privileged sessions and relay Kerberos tickets. To address the flaws, uninstall the plugin and stop its associated Windows service using PowerShell commands. The company stated there is no evidence of exploitation, and advises …

ConnectWise urges ScreenConnect admins to patch critical RCE flaw

February 20, 2024 at 11:52AM ConnectWise issued a warning to immediately patch ScreenConnect servers due to high-severity flaws that can lead to remote code execution attacks. There is no evidence of exploitation, but urgency is stressed for on-premise partners. Huntress security researchers already created a bypass proof-of-concept exploit. CISA, NSA, and MS-ISAC have issued a …

Patch Tuesday: Adobe Warns of Critical Flaws in Widely Deployed Software

February 13, 2024 at 01:03PM Adobe released patches for 30 security vulnerabilities in various products, including Adobe Acrobat, Reader, and Magento Open Source, among others. Users are at risk of code execution, security feature bypass, and denial-of-service attacks. The urgent patches address critical flaws and code execution bugs, with Adobe’s assurance of no known exploits …

Alert: Ivanti Discloses 2 New Zero-Day Flaws, One Under Active Exploitation

January 31, 2024 at 12:38PM Ivanti has flagged high-severity vulnerabilities in its Connect Secure and Policy Secure products. CVE-2024-21888 allows privilege escalation, while CVE-2024-21893 allows server-side request forgery. Although there’s no evidence of customers being impacted by CVE-2024-21888, CVE-2024-21893’s exploitation is targeted. Ivanti has released fixes and recommends a factory reset before patching. Temporary workarounds …

Westermo Switch Vulnerabilities Can Facilitate Attacks on Industrial Organizations

January 26, 2024 at 08:15AM CISA warned that Westermo Lynx industrial switches are vulnerable to eight flaws, with potential for remote exploitation and device tampering. Spanish cybersecurity researchers identified the flaws, including cross-site scripting and code injection. Although some vulnerabilities are challenging to exploit, the company is addressing the issues with a patch for CSRF …

Critical Jenkins Vulnerability Exposes Servers to RCE Attacks – Patch ASAP!

January 25, 2024 at 11:38AM Jenkins recently resolved nine security flaws, including a critical bug (CVE-2024-23897) enabling remote code execution. An arbitrary file read vulnerability through the command line interface was identified. Attackers could exploit this to read arbitrary files on the Jenkins controller file system. The flaw was discovered by Yaniv Nizry and fixed …