Skip to content Skip to footer

A security flaw in Progress Software’s OpenEdge software has been demonstrated.

A critical security vulnerability has been discovered in the Progress Software OpenEdge Authentication Gateway and AdminServer. This vulnerability could lead to unauthorized access to sensitive data on compromised systems. The vulnerability has been tracked as CVE-2024-1403 and has a maximum severity rating of 10.0 on the Common Vulnerability Scoring System (CVSS). The vulnerability can be…

Read More

There have been reports of ransomware attacks carried out by malicious actors exploiting vulnerabilities in JetBrains TeamCity.

GuidePoint Security's recent discovery reveals that the cybercriminals responsible for the BianLian ransomware have exploited vulnerabilities in JetBrains TeamCity software to carry out extortion attacks. The attack begins with exploiting a TeamCity server and deploying a PowerShell variant of the BianLian backdoor. Although the ransomware first surfaced in June 2022, it has shifted to conducting…

Read More

Emerging Malware Campaign Targets Misconfigured Servers: Cado Security

Cybersecurity researchers have identified an emerging malware campaign codenamed "Spinning YARN" that targets misconfigured and vulnerable servers running Apache Hadoop YARN, Docker, Atlassian Confluence, and Redis services. The campaign is designed to deliver a cryptocurrency miner and spawn a reverse shell for persistent remote access. Threat actors leverage these tools to issue exploit code, taking…

Read More

Critical CVEs in Outdated Versions of Atlassian Confluence and VMware vCenter Server

This week, Rapid7 draws attention to two significant vulnerabilities in outdated versions of commonly used software. Atlassian has disclosed CVE-2023-22527, a template injection vulnerability in the Confluence Server. This vulnerability has a CVSS score of 10, the highest possible score. Meanwhile, VMware has released a new update to its October 2023 vCenter Server advisory on…

Read More

Metasploit Weekly Wrap-Up 01/26/24

Direct Syscalls Support for Windows Meterpreter Direct system calls are a popular technique for bypassing EDR/AV detection. It is beneficial in dynamic analysis, where security software monitors every process on the system to detect any suspicious activity. The technique involves running system calls directly to enter kernel mode without passing through the Win32 API, which…

Read More

Newsletter Signup

The Grid —
The Matrix Has Me
Big Bear Lake, CA 92315

01010011 01111001 01110011 01110100 01100101 01101101 00100000
01000110 01100001 01101001 01101100 01110101 01110010 01100101

Greetings, programs! Together we have achieved a great many things. We have created a vast, complex system.Clu

Deitasoft © 2024. All Rights Reserved.