Vulnerability report written by the TA team by analyzing “Jenkins Arbitrary File Leak Vulnerability (CVE-2024-23897)” This vulnerability, identified in Jenkins’ built-in command line interface (CLI) and its interaction with the args4j library, allows attackers to exploit the ability to substitute the file contents for the “@” character after a file path in command arguments. Unfortunately, Read more about [2024.07 Vulnerability Report] Jenkins Arbitrary File Leak Vulnerability (CVE-2024-23897)[…]

Vulnerability report written by the TA team by analyzing “Adobe Commerce & Magento XML External Entity(XXE) Injection” Adobe Commerce & Magento XML External Entity(XXE) Injection The vulnerability is an XML External Entities (XXE) Injection vulnerability from Adobe Commerce’s Magento, which allows you to insert malicious XML data into a vulnerable class through REST API to Read more about [2024.07 Vulnerability Report] Adobe Commerce & Magento XML External Entity(XXE) Injection[…]

Vulnerability report written by the TA team by analyzing “MOVEit Transfer SQL Injection(CVE-2023-34362)” This vulnerability is an attack exploited by the CL0P ransomware group, causing significant damage. Malicious users took advantage of the vulnerability to leak data and request money for stolen files. This vulnerability could allow an unauthenticated attacker to access and manipulate a Read more about [2024.06 Vulnerability Report] MOVEit Transfer SQL Injection(CVE-2023-34362)[…]

Vulnerability report written by the TA team by analyzin “XZ Utils Backdoor”     The XZ Utils backdoor is a backdoor that attackers have been preparing since 2001. It was discovered that a malicious user inserted malicious code into the open source XZ repository and distributed it without proper verification. The vulnerability was initially reported Read more about [2024.06 Vulnerability Report] XZ Utils Backdoor[…]

Vulnerability report written by the TA team by analyzing “Malicious AI Tools: HackerGPT”     HackerGPT is an ethical hacking AI model with an extensive database of hacking techniques, tools, and strategies for web applications and networks to provide comprehensive support and answer hacking-related questions, and unlike other GPTs, it is a hacking-only GPT that Read more about [2024.05 Vulnerability Report] Malicious AI Tools : HackerGPT[…]

1. What is AST? Application security testing (AST) is an important component of IT security that focuses on identifying and mitigating vulnerabilities and weaknesses within software applications. AST encompasses a variety of techniques and tools designed to assess the security posture of applications, including web and mobile applications. The primary goal of an AST is Read more about [2024.04 Vulnerability Report] OAST Application Security Testing Techniques[…]

1. Overview TeamCity is JetBrains’ build management and continuous integration server, and this article summarizes our analysis of the authentication bypass vulnerabilities, CVE-2024-27198 and CVE-2024-27199, that were recently discovered in the service. Source : https://www.helpnetsecurity.com/2024/03/21/exploiting-cve-2024-27198/ 2. Attack Type In March 2024, JetBrains released patches for CVE-2024-27198 and CVE-2024-27199, which were discovered in TeamCity, and Rapid7 Read more about [2024.04 Vulnerability Report] JetBrains TeamCity Authentication Bypass Vulnerability[…]

1. Overview The BlueShell vulnerability is a backdoor malware developed in the Go language. A simple form of backdoor, the BlueShell vulnerability supports TLS encryption for communication with C&C servers to bypass network detection and execute attacker commands (remote command execution, file download/upload, Socks5 proxy). Source: GitHub https://github.com/restran/BlueShell 2. Attack Process BlueShell has three configuration Read more about [2024.03 Vulnerability Report] BlueShell Malware Vulnerability[…]

Ivanti Connect Secure and Policy Secure Multiple Vulnerability 1. Overview Ivanti’s Connect Secure and Policy Secure are SSL VPN solutions and IPS solutions, and we have analyzed CVE-2023-46805, CVE-2024-21887, CVE-2024-21888, and CVE-2024-21893 that were recently discovered in these platforms. 2. Attack Types In January 2024, Ivanti released patches for vulnerabilities found in its Connect Secure Read more about [2024.02 Vulnerability Report] Ivanti Connect Secure & Policy Secure Vulnerability[…]