GreyNoise | Breaking Cybersecurity News | The Hacker News

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a critical security flaw in Citrix ShareFile storage zones controller to its Known Exploited Vulnerabilities ( KEV ) catalog, based on evidence of active in-the-wild exploitation. Tracked as  CVE-2023-24489  (CVSS score: 9.8), the shortcoming has been described as an improper access control bug that, if successfully exploited, could allow an unauthenticated attacker to compromise vulnerable instances remotely. The problem is rooted in ShareFile's handling of cryptographic operations, enabling adversaries to upload arbitrary files, resulting in remote code execution. "This vulnerability affects all currently supported versions of customer-managed ShareFile storage zones controller before version 5.11.24," Citrix  said  in an advisory released in June. Dylan Pindur of Assetnote has been credited with discovering and reporting the issue. It's worth noting that the  first signs of exploitatio

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday  added  a recently disclosed critical flaw impacting Atlassian's Bitbucket Server and Data Center to the Known Exploited Vulnerabilities ( KEV ) catalog, citing evidence of active exploitation. Tracked as  CVE-2022-36804 , the issue relates to a command injection vulnerability that could allow malicious actors to gain arbitrary code execution on susceptible installations by sending a specially crafted HTTP request. Successful exploitation, however, banks on the prerequisite that the attacker already has access to a public repository or possesses read permissions to a private Bitbucket repository. "All versions of Bitbucket Server and Datacenter released after 6.10.17 including 7.0.0 and newer are affected, this means that all instances that are running any versions between 7.0.0 and 8.3.0 inclusive are affected by this vulnerability," Atlassian  noted  in a late August 2022 advisory. CISA did