Let's Dance: InsightAppSec and tCell Bring New DevSecOps Improvements in Q1
To the left, to the left, to the right, right — the CI/CD Pipeline is on the move. DevSecOps is all about adding security across the application lifecycle. A popular approach to application security is to shift left, which means moving security earlier in the software development lifecycle (SDLC)...
Microsoft: Lapsus$ Used Employee Account to Steal Source Code
In a new blog post published last night, Microsoft confirmed that the Lapsus$ extortion group hacked one of its employee’s accounts to get “limited access” to project source code repositories. “No customer code or data was involved in the observed activities. Our investigation has found a single...
KLA12396 RCE vulnerability in Microsoft Developer Tools
A remote code execution vulnerability was found in Microsoft Developer Tools. Malicious users can exploit this vulnerability to execute arbitrary code. Original advisories: CVE-2021-44228. Exploitation: Public exploits exist for this vulnerability. Malware exists for this vulnerability. Usually such...
GitHub Revoked Insecure SSH Keys Generated by a Popular git Client
Code hosting platform GitHub has revoked weak SSH authentication keys that were generated via the GitKraken git GUI client due to a vulnerability in a third-party library that increased the likelihood of duplicated SSH keys. As an added precautionary measure, the Microsoft-owned company also said...
Vulristics: Microsoft Patch Tuesdays Q2 2021
Hello everyone! Let's now talk about Microsoft Patch Tuesday vulnerabilities for the second quarter of 2021. April, May and June. Not the most exciting topic, I agree. I am surprised that someone is reading or watching this. For me personally, this is a kind of tradition. Plus this is an opportuni...
A vulnerability in the Team Foundation Services component of the Azure DevOps Server development tool allows an attacker to gain unauthorized access to protected information.
A vulnerability in the Team Foundation Services component of the Azure DevOps Server development tool is related to errors in the handling of objects in memory. Exploiting this vulnerability may allow an attacker to gain unauthorized access to protected information...
A vulnerability in the Azure DevOps Server software development tools, related to insufficient measures to protect the web page structure, allows attackers to perform cross-site scripting attacks.
A vulnerability in the Azure DevOps Server software development tools is related to insufficient measures to protect the web page structure. Exploiting this vulnerability allows a remote attacker to perform cross-site scripting attacks...
Security Updates for Microsoft Team Foundation Server and Azure DevOps Server (April 2021)
The Microsoft Team Foundation Server or Azure DevOps install is missing security updates. It is, therefore, affected by multiple vulnerabilities. An attacker can exploit these to either perform actions with the privileges of another user or disclose sensitive information. Note all systems require...
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting Vulnerability
Webmail Edition version 5.2.22 suffers from remote code execution and cross site scripting vulnerabilities via the HordeTextFilter library. title: Reflected cross-site scripting; product: Microsoft Azure DevOps Server; vulnerab...
Microsoft Azure DevOps Server 2020.0.1 Cross Site Scripting
SEC Consult Vulnerability Lab Security Advisory. title: Reflected cross-site scripting; product: Microsoft Azure DevOps Server; vulnerable version: 2020.0.1; fixed version: 2020.0.1 Patch 2; CVE number: CVE-2021-28459; impact: medi...
CVE-2021-28459
Azure DevOps Server Spoofing Vulnerability...
CVE-2021-27067
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...
Spoofing
Azure DevOps Server Spoofing Vulnerability...
Information disclosure
Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability...
CVE-2021-28459 Azure DevOps Server Spoofing Vulnerability
...
CVE-2021-27067 Azure DevOps Server and Team Foundation Server Information Disclosure Vulnerability
...