Monthly Archives: August 2022

Threat Advisory – August 25 – 31

CySec News: A critical command injection vulnerability in a Bitbucket product could allow an attacker to execute arbitrary code, researchers warn. Bitbucket is a Git-based source code repository hosting service owned by Atlassian. The flaw, tracked as CVE-2022-36804, is a command injection vulnerability in multiple API endpoints of Bitbucket Server and Data Center. Reference: https://portswigger.net/daily-swig/critical-command-injection-vulnerability-discovered-in-bitbucket-server-and-data-center […]

Threat Advisory – August 18 – 24

CySec News: GitLab has issued a security update to address a critical vulnerability that could lead to remote code execution (RCE). The vulnerability could allow an authenticated user to achieve remote code execution via the ‘Import from GitHub API’ endpoint, an advisory from GitLab reads. Tracked as CVE-2022-2884, the security issue is present in GitLab […]

Threat Advisory – August 11 – 17

CySec News: Android malware developers are already adjusting their tactics to bypass a new ‘Restricted setting’ security feature introduced by Google in the newly released Android 13. Reference: https://www.bleepingcomputer.com/news/security/malware-devs-already-bypassed-android-13s-new-security-feature/ Google has released a security update for the Chrome browser that addresses close to a dozen vulnerabilities, including a zero-day flaw that is being exploited […]