Saturday, September 30, 2023

InfoSec News Feeds

Packetstorm

  • JetBrains TeamCity Unauthenticated Remote Code...
    on 29 September 2023 at 3:45 PM

    This Metasploit module exploits an authentication bypass vulnerability to achieve unauthenticated remote code execution against a vulnerable JetBrains TeamCity server. All versions of TeamCity prior to version 2023.05.4 are vulnerable to this issue. The vulnerability was originally discovered by […]

  • Ubuntu Security Notice USN-6386-2
    on 29 September 2023 at 3:41 PM

    Ubuntu Security Notice 6386-2 - Jana Hofmann, Emanuele Vannacci, Cedric Fournet, Boris Kopf, and Oleksii Oleksenko discovered that some AMD processors could leak stale data from division operations in certain situations. A local attacker could possibly use this to expose sensitive information. It […]

  • Gentoo Linux Security Advisory 202309-14
    on 29 September 2023 at 3:41 PM

    Gentoo Linux Security Advisory 202309-14 - Multiple vulnerabilities have been found in libarchive, the worst of which could result in denial of service. Versions greater than or equal to 3.7.1 are affected.

THN

PortSwigger

Security Affaris

  • Chinese threat actors stole around 60,000 emails...
    by Pierluigi Paganini on 29 September 2023 at 12:08 PM

    China-linked threat actors stole around 60,000 emails from U.S. State Department after breaching Microsoft’s Exchange email platform in May. China-linked hackers who breached Microsoft’s email platform in May have stolen tens of thousands of emails from U.S. State Department accounts, a Senate […]

  • Misconfigured WBSC server leaks thousands of...
    by Pierluigi Paganini on 29 September 2023 at 8:37 AM

    The World Baseball Softball Confederation (WBSC) left open a data repository exposing nearly 50,000 files, some of which were highly sensitive, the Cybernews research team has discovered. On June 5th, our researchers discovered a misconfigured Amazon Web Services (AWS) bucket storing nearly 48,000 […]

  • CISA adds JBoss RichFaces Framework flaw to its...
    by Pierluigi Paganini on 29 September 2023 at 6:20 AM

    US CISA added the flaw CVE-2018-14667 in Red Hat JBoss RichFaces Framework to its Known Exploited Vulnerabilities catalog. US Cybersecurity and Infrastructure Security Agency (CISA) added the critical flaw CVE-2018-14667 (CVSS score 9.8) affecting Red Hat JBoss RichFaces Framework to its Known […]

HackerOne

WeLiveSecurity

  • 5 of the top programming languages for...
    on 27 September 2023 at 10:30 AM

    While far from all roles in security explicitly demand coding skills, it’s challenging to envision a career in this field that wouldn’t derive substantial advantages from at least a basic understanding of fundamental coding principles

  • Can open-source software be secure?
    on 26 September 2023 at 10:31 AM

    Or, is mass public meddling just opening the door for problems? And how does open-source software compare to proprietary software in terms of security?

  • ESET's cutting-edge threat research at LABScon...
    on 22 September 2023 at 10:42 PM

    Two ESET malware researchers took to the LABScon stage this year to deconstruct sophisticated attacks conducted by two well-known APT groups

TheRegister

Security Week

  • AWS Using MadPot Decoy System to Disrupt APTs,...
    by Ryan Naraine on 29 September 2023 at 5:41 PM

    AWS says an internal threat intel decoy system called MadPot has successfully trapped nation state-backed APTs like Volt Typhoon and Sandworm. The post AWS Using MadPot Decoy System to Disrupt APTs, Botnets appeared first on SecurityWeek.

  • Generative AI Startup Nexusflow Raises $10.6...
    by Ionut Arghire on 29 September 2023 at 4:22 PM

    Nexusflow scores funding to build an open-source LLM that can deliver high accuracy when retrieving data from multiple security sources. The post Generative AI Startup Nexusflow Raises $10.6 Million appeared first on SecurityWeek.

  • In Other News: RSA Encryption Attack, Meta AI...
    by SecurityWeek News on 29 September 2023 at 4:03 PM

    Noteworthy stories that might have slipped under the radar: new RSA encryption attack, Meta’s AI privacy safeguards, and ShinyHunters hackers’ guilty plea.  The post In Other News: RSA Encryption Attack, Meta AI Privacy, ShinyHunters Hacker Guilty Plea appeared first on SecurityWeek.

Exploit-DB Updates