Security News > 2022 > July

On Thursday, the Jenkins security team announced 34 security vulnerabilities affecting 29 plugins for the Jenkins open source automation server; 29 of the bugs are zero-days that are still waiting to be patched. The zero-days' CVSS base scores range from low to high severity, and, according to Jenkins' own statistics, the affected plugins have a combined total of more than 22,000 installs.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) this week added a Linux vulnerability dubbed PwnKit to its Known Exploited Vulnerabilities Catalog, citing evidence of active exploitation. Polkit (formerly PolicyKit) is a toolkit for controlling system-wide privileges in Unix-like operating systems; it provides a mechanism for non-privileged processes to communicate with privileged ones.

Newly discovered malware has been used in the wild since at least March 2021 to backdoor Microsoft Exchange servers belonging to a wide range of entities worldwide, with infections still lingering in 20 organizations as of June 2022. Dubbed SessionManager, the malicious tool masquerades as a module for Internet Information Services (IIS), the web server software for Windows systems, and is installed after one of the ProxyLogon flaws in Exchange has been exploited.
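A native IIS module can only run if it is registered in the server's applicationHost.config, so that file is the first place to look for a backdoor of this kind. The following is an added example, not code from the article or from the SessionManager write-up: it parses the `<globalModules>` section offline and flags any module whose DLL is loaded from outside the inetsrv directory, or whose name is not on a per-host allowlist. The sample config is constructed (three stock IIS entries plus one hypothetical rogue entry), and the module and file names in it are assumptions for illustration.

```python
# Added example, not code from the article or from the SessionManager
# write-up: offline triage of an IIS applicationHost.config. A native IIS
# module must be registered under <system.webServer><globalModules>, so a
# backdoor that poses as one leaves an <add> entry there. The sample config
# below is constructed: three stock IIS entries and one hypothetical rogue
# entry whose DLL is loaded from outside the inetsrv directory.
import xml.etree.ElementTree as ET
from typing import Dict, List, Optional, Set

SAMPLE_APPHOST = r"""<configuration>
  <system.webServer>
    <globalModules>
      <add name="HttpLoggingModule" image="%windir%\System32\inetsrv\loghttp.dll" />
      <add name="UriCacheModule" image="%windir%\System32\inetsrv\cachuri.dll" />
      <add name="RequestFilteringModule" image="%windir%\System32\inetsrv\modrqflt.dll" />
      <add name="RogueModule" image="C:\Windows\Temp\rogue.dll" />
    </globalModules>
  </system.webServer>
</configuration>
"""

# Stock native modules ship from this directory; anything else deserves a look.
INETSRV_DIR = "\\system32\\inetsrv\\"


def list_global_modules(config_xml: str) -> List[Dict[str, str]]:
    """Every native module registered in <globalModules>, as {name, image}."""
    root = ET.fromstring(config_xml)
    return [
        {"name": add.get("name", ""), "image": add.get("image", "")}
        for add in root.findall("system.webServer/globalModules/add")
    ]


def suspicious_modules(config_xml: str,
                       allowlist: Optional[Set[str]] = None) -> List[Dict[str, str]]:
    """Modules whose DLL lives outside inetsrv, or whose name is not on an
    allowlist of modules known to belong on this host (when one is given)."""
    flagged = []
    for mod in list_global_modules(config_xml):
        outside = INETSRV_DIR not in mod["image"].lower()
        unknown = allowlist is not None and mod["name"] not in allowlist
        if outside or unknown:
            flagged.append(mod)
    return flagged


if __name__ == "__main__":
    for mod in suspicious_modules(SAMPLE_APPHOST):
        print(f"review: {mod['name']} -> {mod['image']}")
```

On a live host the file to feed in is `%windir%\System32\inetsrv\config\applicationHost.config`, and `appcmd list modules` shows the same registrations. A path inside inetsrv is not proof of legitimacy, since an attacker with admin rights can drop a DLL there too: verify the Authenticode signature and hash of every module image, and check managed modules registered in web.config as well.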

Microsoft has created a window of time in which its partners can, without permission, create new roles for themselves in customers' Active Directory implementations. Microsoft recognised that its partners were likely to be targeted too, and spotted a weakness in the delegated admin privileges that partners are granted to manage their customers' software purchases.

Fixing indirect vulnerabilities is one of those complex, tedious and, quite frankly, boring tasks that no one really wants to touch. You see, indirect (transitive) dependencies are introduced deep down the dependency tree, and it is very tricky to get the exact version you want resolved there.
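To make the "deep down the tree" problem concrete, here is an added example (not the article's code, nor any package manager's): it walks a resolved dependency graph shaped like a lockfile, where every node is `name@version` and lists the exact versions it resolved its own dependencies to, and reports every chain from the project to a vulnerable copy of a package together with the direct dependency at the top of each chain. The package names and the "fixed in 1.2.6" threshold are constructed for illustration.

```python
# Added example, not code from the article: why a vulnerable indirect
# dependency is awkward to fix. The graph below is constructed by hand in the
# shape of a lockfile. Every node is "name@version" and maps each of its own
# dependencies to the exact version it resolved to. Hypothetical package names.
from typing import Dict, List

Graph = Dict[str, Dict[str, str]]   # "name@version" -> {dep_name: resolved_version}

# "app" is the project; only "web-framework" and "cli-colors" are direct
# dependencies. The made-up advisory says tiny-parser < 1.2.6 is vulnerable.
# A vulnerable copy is reached twice, via two different intermediate packages,
# while a fixed copy (1.2.6) is also present under web-framework.
SAMPLE_GRAPH: Graph = {
    "app@1.0.0":           {"web-framework": "4.1.0", "cli-colors": "2.0.0"},
    "web-framework@4.1.0": {"body-reader": "1.9.0", "tiny-parser": "1.2.6"},
    "body-reader@1.9.0":   {"tiny-parser": "1.2.3"},
    "cli-colors@2.0.0":    {"arg-helper": "0.5.1"},
    "arg-helper@0.5.1":    {"tiny-parser": "1.1.0"},
    "tiny-parser@1.2.6":   {},
    "tiny-parser@1.2.3":   {},
    "tiny-parser@1.1.0":   {},
}


def parse_version(version: str) -> tuple:
    """Dotted numeric version to a comparable tuple, e.g. "1.2.6" -> (1, 2, 6)."""
    return tuple(int(part) for part in version.split("."))


def vulnerable_paths(graph: Graph, root: str, pkg: str, fixed_in: str) -> List[List[str]]:
    """Every chain root -> ... -> pkg@version whose version is below fixed_in."""
    fixed = parse_version(fixed_in)
    found: List[List[str]] = []

    def walk(node: str, path: List[str], ancestors: frozenset) -> None:
        # rpartition keeps scoped names such as "@scope/pkg@1.0.0" intact.
        name, _, version = node.rpartition("@")
        if name == pkg and parse_version(version) < fixed:
            found.append(path)
            return
        if node in ancestors:      # cycles are legal in real graphs; do not loop
            return
        for dep, ver in graph.get(node, {}).items():
            child = f"{dep}@{ver}"
            walk(child, path + [child], ancestors | {node})

    walk(root, [root], frozenset())
    return found


def culprit_direct_deps(paths: List[List[str]]) -> List[str]:
    """The direct dependencies (second hop) that pull in each vulnerable copy."""
    return sorted({path[1] for path in paths if len(path) > 1})


if __name__ == "__main__":
    chains = vulnerable_paths(SAMPLE_GRAPH, "app@1.0.0", "tiny-parser", "1.2.6")
    for chain in chains:
        print(" -> ".join(chain))
    print("direct dependencies to bump or override:", culprit_direct_deps(chains))
```

The output makes the difficulty visible: the project never asked for tiny-parser, so bumping it in the project's own manifest changes nothing; the fix is either to wait for each intermediate package to update its range, or to use the package manager's pinning mechanism for transitive dependencies (npm `overrides`, Yarn `resolutions`, pip constraints files), and to re-run the walk afterwards to confirm no vulnerable copy remains.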

In this video for Help Net Security, Scott Sutherland, Senior Director, Adversary Simulation and Infrastructure Testing at NetSPI, discusses how, in order to stay ahead of malicious actors, ...

To address these challenges, Group-IB has developed the Unified Risk Platform, a comprehensive set of solutions that understands each organization's threat profile, configures defenses accordingly, and responds to threats in real time. At the heart of the Unified Risk Platform is Group-IB's Single Data Lake, which the company says contains the industry's richest body of adversary intelligence.

Cynet's Automated Response Playbooks automate manual tasks and workflows, which the company says lets security teams cut their alert investigation and response times by 90%. In addition to freeing up valuable time for security teams, the playbooks provide a defined, consistent response process for more accurate security decisions and ensure that all alerts are properly addressed.

A cloud threat actor group tracked as 8220 has updated its malware toolset to breach Linux servers with the goal of installing crypto miners as part of a long-running campaign. "The updates include the deployment of new versions of a crypto miner and an IRC bot," Microsoft Security Intelligence said in a series of tweets on Thursday.

"The Amazon access token is used to authenticate the user across multiple Amazon APIs, some of which contain personal data such as full name, email, and address," Checkmarx researchers João Morais and Pedro Umbelino said. "Others, like the Amazon Drive API, allow an attacker full access to the user's files."