#teamcity


JetBrains Security Bulletin only shows 7 vulnerabilities out of "26 security problems fixed": 🔗 jetbrains.com/privacy-security

  • CVE-2024-31134 (vendor 6.5 medium) In JetBrains TeamCity before 2024.03 authenticated users without administrative permissions could register other users when self-registration was disabled
  • CVE-2024-31135 (vendor 6.1 medium) In JetBrains TeamCity before 2024.03 open redirect was possible on the login page
  • CVE-2024-31136 (vendor 7.4 high) In JetBrains TeamCity before 2024.03 2FA could be bypassed by providing a special URL parameter
  • CVE-2024-31137 (vendor 6.8 medium) In JetBrains TeamCity before 2024.03 reflected XSS was possible via Space connection configuration
  • CVE-2024-31138 (vendor 4.6 medium) In JetBrains TeamCity before 2024.03 XSS was possible via Agent Distribution settings
  • CVE-2024-31139 (vendor 5.9 medium) In JetBrains TeamCity before 2024.03 XXE was possible in the Maven build steps detector
  • CVE-2024-31140 (vendor 4.1 medium) In JetBrains TeamCity before 2024.03 server administrators could remove arbitrary files from the server by installing tools

cc: @campuscodi

JetBrains: Fixed security issues

JetBrains announces a new TeamCity 2024.03 release but doesn't identify any of the 26 vulnerabilities fixed in their blog post. 🔗 blog.jetbrains.com/teamcity/20

In the TeamCity 2024.03 Release Notes they state that "26 security problems have been fixed."

We do not share the details of security-related issues to avoid compromising clients that keep using previous bugfix and/or major versions of TeamCity. Check out our Security Bulletin for the list of disclosed vulnerability fixes. Security bulletins for new versions are typically published within the next few days after the release date.

Patch your TeamCity now before you get compromised by nation state APTs and cybercriminals/ransomware actors.

The JetBrains Blog: TeamCity 2024.03 Is Here | The TeamCity Blog. The new TeamCity version comes with some highly anticipated features, like optional artifact dependencies and the bundled HashiCorp Vault plugin. Read on to learn what's new.

📨 Latest issue of my curated #cybersecurity and #infosec list of resources for week #42/2023 is out! It includes the following and much more:

🔓 👀 Tracking Unauthorized Access to #Okta's Support System
🔓 🇯🇵 #Casio discloses #databreach impacting customers in 149 countries
🔓 🧬 Hacker leaks millions more #23andMe user records on #cybercrime forum
🔓 🇨🇳 D-Link confirms data breach after employee #phishing attack
🔓 💰 #Equifax Fined $13.5 Million Over 2017 Data Breach
🇺🇦 🧹 Ukrainian activists hack Trigona #ransomware gang, wipe servers
🇺🇸 🇰🇵 FBI: Thousands of Remote IT Workers Sent Wages to #NorthKorea to Help Fund Weapons Program
🇮🇳 ☁️ #India targets #Microsoft, #Amazon tech support #scammers in nationwide crackdown
🇵🇸 🇮🇷 #Hamas-linked app offers window into cyber infrastructure, possible links to Iran
👮🏻‍♂️ 🥷🏻 Police seize #RagnarLocker leak site
🇰🇵 North Korean Hackers Exploiting Recent #TeamCity Vulnerability
🇨🇳 🇷🇺 #China replaces #Russia as top #cyberthreat
🇺🇦 📡 CERT-UA Reports: 11 Ukrainian Telecom Providers Hit by Cyberattacks
🇫🇷 🇪🇸 #France frees the two biggest Spanish hackers
🇺🇸 ⚓️ Ex-Navy IT head gets 5 years for selling people’s data on #darkweb
🇨🇭 🗳️ #Switzerland’s e-voting system has predictable implementation blunder
🔓 🏭 Critical Vulnerabilities Expose #Weintek HMIs to Attacks
🔓 🏭 #Milesight Industrial Router #Vulnerability Possibly Exploited in Attacks
🦠 🇻🇳 Fake #Corsair job offers on #LinkedIn push #DarkGate malware
🦠 Google-hosted #malvertising leads to fake #Keepass site that looks genuine
🦠 💬 #Discord still a hotbed of #malware activity — Now APTs join the fun
🦠 🕵🏻‍♂️ SpyNote: Beware of This Android #Trojan that Records Audio and Phone Calls
🛍️ 🦠 #Android will now scan sideloaded apps for malware at install time
💬 🔐 #WhatsApp #passkeys on the way, but as usual, for Android first
🇷🇺 🗂️ Pro-Russian Hackers Exploiting Recent #WinRAR Vulnerability in New Campaign
🗓️ ❌ Signal Pours Cold Water on Zero-Day Exploit Rumors
🔓 💥 #Cisco warns of new #IOS XE #zeroday actively exploited in attacks

📚 This week's recommended reading is: "RTFM: Red Team Field Manual v2" by Ben Clark and Nicholas Downer

Subscribe to the #infosecMASHUP newsletter to have it piping hot in your inbox every week-end ⬇️

infosec-mashup.santolaria.net/

X’s Infosec Newsletter · InfoSec MASHUP - Week 42/2023, by Xavier «X» Santolaria