Security News

Atlassian Bitbucket Server vulnerable to critical RCE vulnerability
2022-08-26 16:40

Atlassian has published a security advisory warning Bitbucket Server and Data Center users of a critical security flaw that attackers could leverage to execute arbitrary code on vulnerable instances. "An attacker with access to a public repository or with read permissions to a private Bitbucket repository can execute arbitrary code by sending a malicious HTTP request," explains Atlassian's advisory.

GitLab ‘strongly recommends’ patching critical RCE vulnerability
2022-08-24 19:15

GitLab is urging users to install a security update for branches 15.1, 15.2, and 15.3 of its community and enterprise editions to fix a critical vulnerability that could enable an attacker to perform remote command execution via GitHub import. The latest GitLab versions that address the problem are 15.3.1, 15.2.3, and 15.1.5, which users are advised to upgrade to immediately.

CISA Warns of Active Exploitation of Palo Alto Networks' PAN-OS Vulnerability
2022-08-23 03:03

The U.S. Cybersecurity and Infrastructure Security Agency on Monday added a security flaw impacting Palo Alto Networks PAN-OS to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. The high-severity vulnerability, tracked as CVE-2022-0028, is a URL filtering policy misconfiguration that could allow an unauthenticated, remote attacker to carry out reflected and amplified TCP denial-of-service attacks.

"As Nasty as Dirty Pipe" — 8 Year Old Linux Kernel Vulnerability Uncovered
2022-08-22 13:05

Details of an eight-year-old security vulnerability in the Linux kernel have emerged that the researchers say is "As nasty as Dirty Pipe." "DirtyCred is a kernel exploitation concept that swaps unprivileged kernel credentials with privileged ones to escalate privilege," researchers Zhenpeng Lin, Yuhang Wu, and Xinyu Xing noted.

Hackers Stole Crypto from Bitcoin ATMs by Exploiting Zero-Day Vulnerability
2022-08-22 05:54

Bitcoin ATM manufacturer General Bytes confirmed that it was a victim of a cyberattack that exploited a previously unknown flaw in its software to plunder cryptocurrency from its users. "This vulnerability has been present in CAS software since version 2020-12-08."

New Amazon Ring Vulnerability Could Have Exposed All Your Camera Recordings
2022-08-19 08:23

Amazon acquired the doorbell maker for about $1 billion in 2018. Application security firm Checkmarx explained it identified a cross-site scripting flaw that it said could be weaponized as part of an attack chain to trick victims into installing a malicious app.

Janet Jackson's music video is now a vulnerability for crashing hard disks
2022-08-18 17:07

Janet Jackson's Rhythm Nation music video of 1989 has officially been declared a security vulnerability as it freezes some models of hard drives on older computers. "Broken record" and "tape stop" are all too familiar terms for DJs and music enthusiasts, but a song crashing hard disks, you say? Now that would make anyone glare.

Vulnerability in Amazon Ring app allowed access to private camera recordings
2022-08-18 12:05

A vulnerability in the Android version of the Ring app, which is used to remotely manage Amazon Ring outdoor and indoor surveillance cameras, could have been exploited by attackers to extract users' personal data and device data, including geolocation, address, and recordings. The vulnerability was discovered by Checkmarx researchers, who went one step further and demonstrated how an attacker could later analyze huge numbers of recordings with the help of computer vision technology to extract additional sensitive information and material.

Penetration Testing or Vulnerability Scanning? What's the Difference?
2022-08-18 09:26

People frequently confuse penetration testing and vulnerability scanning, and it's easy to see why. Penetration testing is a manual security assessment where a cyber security professional attempts to find a way to break into your systems.

New Google Chrome Zero-Day Vulnerability Being Exploited in the Wild
2022-08-17 13:41

Google on Tuesday rolled out patches for the Chrome browser for desktops to contain a high-severity zero-day flaw that is being actively exploited in the wild. Security researchers Ashley Shen and Christian Resell of Google Threat Analysis Group have been credited with reporting the flaw on July 19, 2022.