InfoSec News Nuggets 3/22/2024

Atlassian Releases Fixes for Over 2 Dozen Flaws, Including Critical Bamboo Bug
Atlassian has released patches for more than two dozen security flaws, including a critical bug impacting Bamboo Data Center and Server that could be exploited without requiring user interaction. Tracked as CVE-2024-1597, the vulnerability carries a CVSS score of 10.0, indicating maximum severity. Described as an SQL injection flaw, it's rooted in a dependency called org.postgresql:postgresql, as a result of which the company said it…

InfoSec News Nuggets 02/17/2023

Citrix fixes major security flaws across several services
Citrix released a patch for a number of high-severity vulnerabilities affecting multiple offerings, the company confirmed in a security bulletin earlier this week. Given the severity of the flaws, the prevalence of the tools in question, and the fact that there are no workarounds or other mitigations, the company said it was pivotal for the affected organizations to apply the fix immediately. The US Cybersecurity & Infrastructure Security Agency…

InfoSec News Nuggets 07/22/2022

Windows 11 is getting a new security setting to block ransomware attacks
Microsoft is rolling out a new security default for Windows 11 that will go a long way to preventing ransomware attacks that begin with password-guessing attacks and compromised credentials. The new account security default on account credentials should help thwart ransomware attacks that are initiated after using compromised credentials or brute-force password attacks to access remote desktop protocol (RDP) endpoints, which are often exposed…

InfoSec News Nuggets 09/08/2021

Latest Atlassian Confluence Flaw Exploited to Breach Jenkins Project Server
The maintainers of Jenkins, a popular open-source automation server software, have disclosed a security breach after unidentified threat actors gained access to one of their servers by exploiting a recently disclosed vulnerability in Atlassian Confluence service to install a cryptocurrency miner. The "successful attack," which is believed to have occurred last week, was mounted against its Confluence service that had been deprecated since October 2019, leading the…

InfoSec News Nuggets 12/06/2019

1 - How Internet resources worth R800 million were stolen and sold on the black market
The theft and sale of large swaths of valuable African Internet resources was an inside job, Internet investigator Ron Guilmette has concluded after five months of detective work. Documents obtained from industry sources and public records in Uganda show that at least one insider at AFRINIC is also a shareholder of a company that received money for selling IP…