Security | Threat Detection | Cyberattacks | DevSecOps | Compliance

Snyk has discovered a vulnerability in all versions of Docker Buildkit <=v0.12.4, as used by the Docker engine. The exploitation of this issue can result in container escape to the underlying host OS when building an image using a malicious Dockerfile or upstream image (i.e. when using FROM). This issue has been assigned CVE-2024-23651.

Snyk has discovered a vulnerability in all versions of runc <=1.1.11, as used by the Docker engine, along with other containerization technologies such as Kubernetes. Exploitation of this issue can result in container escape to the underlying host OS, either through executing a malicious image or building an image using a malicious Dockerfile or upstream image (i.e., when using FROM). This issue has been assigned the CVE-2024-21626.

On January 22, 2024, Fortra publicly disclosed a critical vulnerability, CVE-2024-0204, in their GoAnywhere MFT product. This vulnerability, which was responsibly disclosed to Fortra by Spark Engineering Consultants, had been patched on December 7, 2023. CVE-2024-0204 is a severe authentication bypass vulnerability with a CVSS score of 9.8.

On January 16 2024, Atlassian issued a significant alert on a critical Server-Side Template Injection (SSTI) vulnerability in Confluence Data Center and Server, identified as CVE-2023-22527. This issue found in older versions, poses a serious risk as it allows attackers without any authentication, to inject OGNL expressions. This means they could potentially run any code they want on the compromised system.

On January 16th, 2024, Atlassian released an advisory highlighting a critical vulnerability within certain versions of Confluence Data Center and Confluence Server. This issue, tracked under the identifier CVE-2023-22527, involves a severe Remote Code Execution (RCE) vulnerability stemming from a template injection flaw in out-of-date software versions. The risk is significant, with unauthenticated attackers potentially gaining the ability to execute arbitrary code on affected installations.

In an era where digital transformation dictates the pace of business growth, APIs have become the cornerstone of modern enterprise architecture. APIs are not just technical tools; they are vital assets that drive business processes, enhance customer experiences, and open new avenues for innovation. However, with great power comes great responsibility, especially in terms of security. OWASP API Security Top 10 offers a roadmap to safeguard these essential tools against evolving cyber threats.

Vulnerability assessments—as part of your company’s vulnerability management strategy—are an essential step. Through a vulnerability assessment, your organization can find critical vulnerabilities and keep your assets safe. But it is not always clear where to start with such assessments. Accordingly, this blogpost provides a comprehensive checklist for performing vulnerability assessments; in addition, it addresses both organizations and security testers.

A stored XSS vulnerability was discovered in BlogHub, a plugin in the CMS October. This article explores the vulnerability, its impact, and current status in detail.

Atlassian recently disclosed a new critical vulnerability in its Confluence Server and Data Center product line, the CVE has a CVSS score of 10, and allows an unauthenticated attacker to gain Remote Code Execution (RCE) access on the vulnerable server. There is no workaround, the only solution being to upgrade to the latest patched versions.

On January 10th, 2024, Volexity reported that there is active exploitation in the wild against Ivanti Connect Secure (ICS) VPN devices. Ivanti and Volexity worked together to review impacted devices, and Volexity identified two different zero days, which have been assigned the following CVEs IDs.