In late 2022, two vulnerabilities, CVE-2022-27510 and CVE-2022-27518, were reported in Citrix ADC and Citrix Gateway. These two Citrix vulnerabilities are a critical issue with a CVSS score of 9.8, and reports are still being made about how these CVEs are used in hacking attempts. Many Citrix ADCs and Gateways with corresponding security vulnerabilities are [...]
On October 31st, new OpenSSL vulnerabilities were discovered: CVE-2022-3786 and CVE-2022-3602. This vulnerability is related to X.509 Email Address Buffer Overflow. In particular, overflow may occur due to Punycode used to process the name constraint checking function for X.509 certificate verification introduced in OpenSSL 3.0.0. Punycode: The algorithm used to convert Unicode strings to ASCII strings by encoding [...]
Jenkins is an open-source software designed to create a continuous integration (CI) and continuous delivery and deployment environment for all language combinations and source code repositories. To using Jenkins automates the build, testing, and deployment to increase software quality and development productivity. It is a web-based console that can be combined with multiple authentication [...]
How would you feel if your personal information, such as your ID and resume, were posted online? Using an internet-connected multi-function printer (MFP) to scan and email important personal information has become commonplace for individuals and enterprises. Since these files should never be leaked, people transfer their data by setting zip passwords or sending a link with [...]
Website defacement is a cyberattack in which a hacker gains unauthorized access to a website and alters its visual appearance, often leaving behind evidence indicating that the website has been attacked. This attack would feel like nothing if the screen is the only one that is changed. In reality, however, this implies that the hacker gains [...]
With the acceleration of digital transformation and the growing number of companies extending their businesses to the cloud, many unmonitored external attack surfaces (VPNs, RDPs, SMBs, certificates, mobile devices, etc.) are giving rise to frequent attacks by threat actors. To effectively protect against external attacks, it is essential to precisely identify all IT assets and [...]
Developer organizations heavily depend on various tools to support communication, collaboration, and productivity. As a result, there is a growing trend among many companies to embrace application packaging tools like Docker and Kubernetes. Both companies and developers increasingly prefer Docker containers because they can package applications, configurations, and libraries and distribute them in a unified [...]
‘Criminal IP’, a cyber threat intelligence platform of AI Spera AI Spera, a cyber threat intelligence company, has revealed detection and analysis data about 8,900 attack logs on Log4j (Log4Shell) vulnerabilities (CVE-2021-44228) through its own threat intelligence platform ‘Criminal IP’. Since domestic and foreign security industries have yet to respond perfectly to Log4j vulnerabilities, it [...]
