Security
Headlines
HeadlinesLatestCVEs

Tag

#jira

Was T-Mobile compromised by a zero-day in Jira?

IntelBroker is offering source code from major companies for sale. Are they demonstrating the value of a zero-day they are also selling?

Malwarebytes
Open in Source
#sql#vulnerability#web#apple#git#intel#rce#auth#zero_day#jira
GHSA-j584-j2vj-3f93: XWiki Platform allows remote code execution from user account

### Impact When an admin disables a user account, the user's profile is executed with the admin's rights. This allows a user to place malicious code in the user profile before getting an admin to disable the user account. To reproduce, as a user without script nor programming rights, edit the about section of your user profile and add `{{groovy}}services.logging.getLogger("attacker").error("Hello from Groovy!"){{/groovy}}`. As an admin, go to the user profile and click the "Disable this account" button. Then, reload the page. If the logs show `attacker - Hello from Groovy!` then the instance is vulnerable. ### Patches This has been patched in XWiki 14.10.21, 15.5.5, 15.10.6 and 16.0.0. ### Workarounds We're not aware of any workaround except upgrading. ### References * https://jira.xwiki.org/browse/XWIKI-21611 * https://github.com/xwiki/xwiki-platform/commit/f89c8f47fad6e5cc7e68c69a7e0acde07f5eed5a

The Annual SaaS Security Report: 2025 CISO Plans and Priorities

Seventy percent of enterprises are prioritizing investment in SaaS security by establishing dedicated teams to secure SaaS applications, as part of a growing trend of maturity in this field of cybersecurity, according to a new survey released this month by the Cloud Security Alliance (CSA). Despite economic instability and major job cuts in 2023, organizations drastically increased investment in

Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake

A ShinyHunters hacker tells WIRED that they gained access to Ticketmaster’s Snowflake cloud account—and others—by first breaching a third-party contractor.

Red Hat Security Advisory 2024-3854-03

Red Hat Security Advisory 2024-3854-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include double free and use-after-free vulnerabilities.

Database Mess Up: Aussie Food Giant Patties Foods Leaks Trove of Data

Data breach at Australian fast food giant Patties Foods exposes critical customer data! Learn what information may be…

Red Hat Security Advisory 2024-3530-03

Red Hat Security Advisory 2024-3530-03 - An update for kernel-rt is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support, Red Hat Enterprise Linux 8.4 Telecommunications Update Service, and Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3462-03

Red Hat Security Advisory 2024-3462-03 - An update for kernel is now available for Red Hat Enterprise Linux 8.6 Extended Update Support. Issues addressed include a use-after-free vulnerability.

Red Hat Security Advisory 2024-3461-03

Red Hat Security Advisory 2024-3461-03 - An update for kernel is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Issues addressed include a use-after-free vulnerability.