The OpenSSF has implemented various initiatives to improve open-source software security, including the creation of a Malicious Packages repository and partnering with CISA to develop a security maturity framework for package repositories.
GitHub has implemented push protection as a default security feature for all public repositories to prevent accidental leaks of sensitive information such as API keys and tokens.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 09:07:012024-03-05 09:07:01GitHub Push Protection Now on by Default for Public Repositories
The JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 08:08:412024-03-05 08:08:41Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:532024-03-05 07:09:53Epic Games ‘hackers’ admit threat of leak was phony
Customers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:522024-03-05 07:09:52Amex Customer Data Exposed in Third-Party Breach
A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
“The
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:512024-03-05 07:09:51Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
The DPRK is using cyberattacks to steal designs and other data from South Korean microchip manufacturers, according to Seoul’s National Intelligence Service.
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-05 07:09:512024-03-05 07:09:51Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets
https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png00https://www.backbox.org/wp-content/uploads/2018/09/website_backbox_text_black.png2024-03-04 23:09:422024-03-04 23:09:42White House Recommends Memory-Safe Programming Languages and Security-by-Design
BackBox.org offers a range of Penetration Testing services to simulate an attack on your network or application. If you are interested in our services, please contact us and we will provide you with further information as well as an initial consultation.
Securing Software Repositories Leads to Better OSS Security
/in General NewsThe OpenSSF has implemented various initiatives to improve open-source software security, including the creation of a Malicious Packages repository and partnering with CISA to develop a security maturity framework for package repositories.
Cyware News – Latest Cyber News – Read More
GitHub Push Protection Now on by Default for Public Repositories
/in General NewsGitHub has implemented push protection as a default security feature for all public repositories to prevent accidental leaks of sensitive information such as API keys and tokens.
Cyware News – Latest Cyber News – Read More
Exploit Available for New Critical JetBrains TeamCity Authentication Bypass Bug, Patch Now
/in General NewsThe JetBrains TeamCity On-Premises CI/CD solution has been found to have two critical vulnerabilities (CVE-2024-27198 and CVE-2024-27199) that can allow remote attackers to take control of the server and modify system settings without authentication.
Cyware News – Latest Cyber News – Read More
Epic Games ‘hackers’ admit threat of leak was phony
/in General NewsThe “hacker” group that claimed to have breached Epic Games now says it was an elaborate con, and Epic says there was no legitimate threat.Read More
Security News | VentureBeat – Read More
Critical TeamCity Bugs Endanger Software Supply Chain
/in General NewsCustomers should immediately patch critical vulnerabilities in on-prem deployments of the CI/CD pipeline tool JetBrains TeamCity that could allow threat actors to gain admin control over servers.
darkreading – Read More
Zero-Click GenAI Worm Spreads Malware, Poisoning Models
/in General News35 years after the Morris worm, we’re still dealing with a version of the same issue: data overlapping with control.
darkreading – Read More
Amex Customer Data Exposed in Third-Party Breach
/in General NewsThe breach occurred through a third-party service provider frequently used by the company’s travel services division.
darkreading – Read More
Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
/in General NewsA new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems.
The flaws, tracked as CVE-2024-27198 (CVSS score: 9.8) and CVE-2024-27199 (CVSS score: 7.3), have been addressed in version 2023.11.4. They impact all TeamCity On-Premises versions through 2023.11.3.
“The
The Hacker News – Read More
Seoul Spies Say North Korea Hackers Stole Semiconductor Secrets
/in General NewsThe DPRK is using cyberattacks to steal designs and other data from South Korean microchip manufacturers, according to Seoul’s National Intelligence Service.
darkreading – Read More
White House Recommends Memory-Safe Programming Languages and Security-by-Design
/in General NewsA new report promotes preventing cyberattacks by using memory-safe languages and the development of software safety standards.
Security | TechRepublic – Read More