API ThreatStats’ Post

The Log4j 2 library controls how applications log strings of code and information. The vulnerability enables an attacker to gain control over a string and trick the application into requesting and executing malicious code under the attacker's control.

Developers and security folks❗ We're keen for you to take our shiny new Docs site for a spin and go through our Getting Started guide 📖 . (A quick reminder: CipherStash protects sensitive data by keeping it encrypted while still making it available for analysis.) 🔐 We've tried to make it as simple and frictionless as possible for technical folks to get a demo instance up and running. It's totally free to get started with encrypting and securely searching over data via the CLI and example application. It's a preview of the same workflow you'd use when protecting sensitive data in production. Our solutions engineer CJ Brewer would love your feedback on the developer experience. 💜 https://lnkd.in/gvwvc6wF #developers #security #data #encryption

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection: Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication bypass.

Developers and security folks: we've keen for you to take our shiny new Docs site for a spin and go through our Getting Started guide. (A quick reminder: CipherStash protects sensitive data by keeping it encrypted while still making it available for analysis.) We've tried to make it as simple and frictionless as possible for technical folks to get a demo instance up and running. It's totally free to get started with encrypting and securely searching over data via the CLI and example application. It's a preview of the same workflow you'd use when protecting sensitive data in production. Our solutions engineer CJ Brewer would love your feedback on the developer experience. 💜 https://lnkd.in/gvwvc6wF

The Bitnami Vulnerability Database (https://lnkd.in/d4XvzPQf) is now ingested by osv.database (https://lnkd.in/dHj-5B4M) See https://lnkd.in/d6h5e-Xf

🚨Critical Vulnerability Alert! 🚨: CVE-2024-37301 Document Merge Service is a document template merge service providing an API to manage templates and merge them with given data. Versions 6.5.1 and prior are vulnerable to remote code execution via server-side template injection which, when executed as root, can result in full takeover of the affected system. As of time of publication, no patched version exists, nor have any known workarounds been disclosed. CVSSv3.1 Base Score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N) #adfinis #apisecurity #owasp https://lnkd.in/dqwfbQWM

OpenSSL CVE-2024-5535 Information Disclosure Vulnerability Critical Date Released: 2024-06-27 Recommended Action: Download and install patches as instructed Description: Issue summary: Calling the OpenSSL API function SSL_select_next_proto with an empty supported client protocols buffer may cause a crash or memory contents to be sent to the peer. Impact summary: A buffer overread can have a range of potential consequences such as unexpected application beahviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application. https://lnkd.in/gteRFekS https://lnkd.in/gEa4t4Qz

Auditing weak passwords using L0phtCrack (open source) and DSinternal (utility for password cracking)

Attention to all my tech-savvy connections! ⚠️ Avoid this command at all costs: Safeguarding Your Data in the Terminal 💻 Imagine this scenario: You’re cleaning up files in your home directory, and in a moment of haste, you run the command sudo rm -fr *. This forceful delete command removes all files and directories without any prompts. Adding sudo gives it superuser privileges, risking the deletion of critical system files. Catastrophic data loss can occur if executed in the wrong directory. The consequences are dire: entire directories and years of work can vanish in seconds. Learn from this cautionary tale shared online about handling these commands with extreme care. To prevent data disasters, consider these precautions: 🔒 Create Aliases: Set up safer aliases for dangerous commands in your shell configuration file (e.g., .bashrc or .zshrc). For instance, alias rm to rm -i, prompting for confirmation before each deletion. 🔒 Backup Regularly 🔒 Double-Check Commands 🔒 Use a Restricted Account Stay safe and safeguard your data! 💡 #TechTip #DataProtection #CommandCaution

I ran a gaussian analysis of ports in use to find any outliers. It indicated servers that are using ports that are 3 standard deviations outside of the mean. Basically it finds anomalous ports being used to login into AD. Which could indicate a misconfiguration or potential intrusion if a port count is really high. KQL is pretty rad. I remember having to write parsers for other products and it never getting exactly what I want or the software changes something in a update that wrecks the parser. #KQL #MicrosoftSecurity #MicrosoftDefenderforIdentity let mean = toscalar( IdentityLogonEvents | summarize avg(todouble(Port)) ); let std_dev = toscalar( IdentityLogonEvents | extend Port = todouble(Port) | summarize stdev(Port) ); IdentityLogonEvents | extend Port = todouble(Port) | extend Z_score = (Port - mean) / std_dev | where abs(Z_score) > 3 | summarize count() by Port