The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Infosecurity News
Three Strategies to Boost Open-Source Security
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software
Security Affairs
Security Affairs newsletter Round 470 by Pierluigi Paganini – INTERNATIONAL EDITION
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
DarkReading
Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Ars Technica
Maximum-severity GitLab flaw allowing account hijacking under active exploitation
The threat is potentially grave because it could be used in supply chain attacks.
SecurityWeek
Startup Dealflow: New Investments at Resonance, RunReveal, StepSecurity, Insane Cyber
Cybersecurity startups Insane Cyber, Resonance Security, RunReveal and StepSecurity announce pre-seed, early-stage, and seed funding rounds.
Cyber Security News
CISA Warns Of Hackers Actively Attacking GitLab Password Reset Vulnerability
Washington, D.C., May 1, 2024 – The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning a newly
SecurityWeek
1,400 GitLab Servers Impacted by Exploited Vulnerability
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
Security Affairs
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog
CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog.
The Hacker News
CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability
A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.
SC Magazine
Critical GitLab account takeover flaw added to CISA’s KEV Catalog
More than 2,100 servers may still be vulnerable to GitLab password reset exploits.
The Record
Organizations patch CISA KEV list bugs 3.5 times faster than others, researchers find
Researchers at Bitsight asked whether organizations remediate software and hardware vulnerabilities faster if they're on the federal government's list. The resulting data added up to a resounding "yes."
Bleeping Computer
CISA says GitLab account takeover bug is actively exploited in attacks
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
Cyber Security News
GitLab High-severity Flaw Let Attackers Takeover Account - Update Now
GitLab released security patches 16.11.1, 16.10.4, and 16.9.6 for both Community and Enterprise Editions, and upgrading to these versions is
DarkReading
Hackers Create Legit Phishing Links With Ghost GitHub, GitLab Comments
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
Bleeping Computer
GitLab affected by GitHub-style CDN flaw allowing malware hosting
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.
Infosecurity News
CISA Urges Immediate Credential Reset After Sisense Breach
The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack
CyberSecurity Dive
With Sisense compromise, the race begins to understand the impact
CISA is working with private industry partners to investigate the attack on the data analytics platform with particular concern about the impact on critical infrastructure.
The Record
Sisense customers seek answers after breach announcement
“I was hoping for a more informative notification message than basically ‘reset your passwords,’” one Sisense customer said.
Krebs on Security
Why CISA is Warning CISOs About a Breach at Sisense
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
The Hacker News
Microsoft Fixes 149 Flaws in Huge April Patch Release, Zero-Days Included
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
Security Affairs
ScrubCrypt used to drop VenomRAT along with many malicious plugins
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins.
DarkReading
Solar Spider Targets Saudi Arabia Banks via New Malware
An ongoing cyberattack with ties to China uses new version of sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Cyber Security News
JsOutProx Malware Abusing GitLab To Attack Financial Institutions
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
Security Affairs
Security Affairs newsletter Round 466 by Pierluigi Paganini
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
New Wave of JSOutProx Malware Targeting Financial Firms in APAC and MENA
Financial organizations in APAC & MENA are under attack. A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems.
Bleeping Computer
Visa warns of new JSOutProx malware variant targeting financial orgs
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
Infosecurity News
New JSOutProx Malware Targets Financial Firms in APAC, MENA
First found in 2019, JSOutProx combines JavaScript and .NET functionalities to infiltrate systems
Security Affairs
The New Version of JsOutProx is Attacking Financial Institutions in APAC and MENA via Gitlab Abuse
Resecurity researchers warn that a new Version of JsOutProx is targeting financial institutions in APAC and MENA via Gitlab abuse.
SecurityWeek
Cybersecurity M&A Roundup: 27 Deals Announced in March 2024
Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024, same as in February.
.png)
Cyber Security News
Cyber Security News Weekly Round-Up (Vulnerabilities, Cyber Attacks, Threats & New Stories)
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
.webp)
Cyber Security News
GitLab Security Flaw Let Attackers Inject Malicious Scripts: Patch Now
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.
The Hacker News
Microsoft's March Updates Fix 61 Vulnerabilities, Including Critical Hyper-V Flaws
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
Cyber Security News
Cyber Security News Weekly Round-Up : Vulnerabilities, Cyber Attacks, Threats & New Cyber Stories
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
SecurityWeek
CISA Outlines Efforts to Secure Open Source Software
Concluding a two-day OSS security summit, CISA details key actions to help improve open source software security.
.webp)
Cyber Security News
Gitlab Authorization Bypass Vulnerability Let Attackers Steal Protected Variables
GitLab has announced the release of updated versions for its CE and Enterprise Edition (EE) platforms, addressing critical vulnerabilities
CSO
Data breaches caused by insiders can cost you over $15 million
Cybersecurity skills gaps, ambiguous data regulation, and a distributed workforce are all adding to increased insider-driven incidents.
The Hacker News
4 Instructive Postmortems on Data Downtime and Loss
Learn from GitLab's 2017 incident: 300GB of data lost in seconds, but their transparent recovery is a masterclass in accountability.
SecurityWeek
Cyber Insights 2024: Supply Chain
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
The Hacker News
Microsoft Rolls Out Patches for 73 Flaws, Including 2 Windows Zero-Days
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
SecurityWeek
In Other News: Palo Alto Loses Patent Lawsuit, Identity Firms Get Funding, Government Hackers
Palo Alto Networks ordered to pay $150 million in patent lawsuit, identity solutions firms get big funding, government hacker techniques.
Cyber Security News
USB Malware Chained with Text Strings on Legitimate Websites Attacks Users
According to the reports shared with Cyber Security News, the threat actor begins the infection chain by delivering the USB drives to the victims by any means of social engineering.
Bleeping Computer
Hackers push USB malware payloads via news, media hosting sites
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content.
The Hacker News
Italian Businesses Hit by Weaponized USBs Spreading Cryptojacking Malware
UNC4990 is using weaponized USB devices as an initial infection method to target organizations in Italy.
Latest Hacking News
GitLab Patched A Workspace Creation Vulnerability With An Emergency Update
Days after releasing a major update, GitLab rolled out another emergency update addressing a serious vulnerability affecting workspace creation. The service urged all users to update to the latest releases at the earliest, assuring that
SC Magazine
2nd critical GitLab patch of 2024 fixes arbitrary file writing bug
CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.
Ars Technica
Ars Technica used in malware campaign with never-before-seen obfuscation
Vimeo also used by legitimate user who posted booby-trapped content.
The Hacker News
URGENT: Upgrade GitLab - Critical Workspace Creation Flaw Allows File Overwrite
Hackers could write ANY file on your GitLab server while creating a workspace. This critical flaw (CVE-2024-0402) affects all versions.
Security Affairs
Security Affairs newsletter Round 456 by Pierluigi Paganini
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
5379 GitLab Servers are Vulnerable to Zero-Click Account Takeover Attacks
GitLab has released important security fixes for versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
SecurityWeek
Thousands of GitLab Instances Unpatched Against Critical Password Reset Bug
Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.
SC Magazine
GitLab password reset bug leaves more than 5.3K servers up for grabs
A critical zero-click account takeover exploit affects GitLab Community and Enterprise Editions.
Security Affairs
5379 GitLab servers vulnerable to zero-click account takeover attacks
Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028.
Bleeping Computer
Over 5,300 GitLab servers exposed to zero-click account takeover attacks
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
SecurityWeek
Google Warns of Chrome Browser Zero-Day Being Exploited
The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine.
Latest Hacking News
GitLab Addressed A Critical Zero-Click Vulnerability With Latest Updates
Heads up, GitLab users! It’s time to upgrade to the latest GitLab versions, as the updates address multiple security flaws, including a zero-click vulnerability. GitLab Disclosed A Serious Zero-Click Flaw Allowing Account Hijacking As disclosed, numerous security
Bleeping Computer
Latest Adblock update causes massive YouTube performance hit
Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension.
SecurityWeek
GitLab Patches Critical Password Reset Vulnerability
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails.
%20-%20APT%20Hackers%20Abusing%20GitHub%20To%20Deliver%20Malware%20Payload.webp)
Cyber Security News
Living-off-Trusted-Sites (LOTS) - APT Hackers Abusing GitHub To Deliver Malware Payload
Cybersecurity researchers at Recorded Future recently discovered that APT hackers are actively exploiting the GitHub platform.
The Record
Ukrainian arrested for infecting US cloud provider with cryptomining malware
Ukrainian authorities and an unspecified U.S. cloud computing provider teamed up to capture a suspect in a $2 million cryptomining operation.
Security Affairs
GitLab fixed a critical zero-click account hijacking flaw
GitLab addressed 2 critical bugs impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking issue
DarkReading
GitLab Releases Updates to Address Critical Vulnerabilities
Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.
Bleeping Computer
GitLab warns of critical zero-click account hijacking vulnerability
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
The Hacker News
Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP
GitLab patches critical vulnerabilities! CVE-2023-7028 scores a perfect 10 on severity.
The Hacker News
Threat Actors Increasingly Abusing GitHub for Malicious Purposes
Cybercriminals are increasingly using GitHub for malicious activities like payload delivery and command-and-control operations.
Security Affairs
Experts found 3 malicious packages hiding crypto miners in PyPi repository
Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner.
The Hacker News
Beware: 3 Malicious PyPI Packages Found Targeting Linux with Crypto Miners
Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.
The Hacker News
Microsoft's Final 2023 Patch Tuesday: 33 Flaws Fixed, Including 4 Critical
Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws. This release includes 4 Critical and 29 Important fixes.
Cyber Security News
New Editbot Stealer in Action; Stealing Browser Passwords & Cookies
There has been a new malicious campaign - Editbot Stealer, discovered in which threat actors use WinRAR archive.
The Cyber Express
Revealing the Editbot Stealer: A Python-Based Threat Targeting Social Media Users
A new menace has emerged on the dark web— the Editbot stealer. Recently discovered by Cyble Research and Intelligence Labs
The Cyber Express
Master the Defenses: 8 Cybersecurity Best Practices for 2024
The ever-accelerating pace of technological advancement shapes our world, forging a double-edged digital landscape. On one hand, it fuels innovation
The Cyber Express
Darwinbox Allegedly Hit by Cyberattack; Threat Actor Demands US$2,000 for Access
An entity identified as 'dawnofdevil' has reportedly publicized the illicit offering of unauthorized VPN access to Darwinbox Digital Solutions Pvt
SecurityWeek
Application Security Startup Aikido Security Raises €5 Million
Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform.
The Hacker News
Alert: Microsoft Releases Patch Updates for 5 New Zero-Day Vulnerabilities
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
The Hacker News
CI/CD Risks: Protecting Your Software Development Pipelines
Malicious actors are exploiting Dependabot's trust. Learn how to protect your CI/CD pipelines and software supply chain.
Cyber Security News
Script Tracer Tool - Threat Researchers to Trace & Deobfuscate the Malware Execution
Cyber forensic tools play a crucial role in cyber investigations by helping investigators to collect, analyze, and preserve digital evidence.
Trend Micro
Cerber Ransomware Exploits Atlassian Confluence Vulnerability CVE-2023-22518
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
The Hacker News
StripedFly Malware Operated Unnoticed for 5 Years, Infecting 1 Million Devices
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
SecurityWeek
Advanced 'StripedFly' Malware With 1 Million Infections Shows Similarities to NSA-Linked Tools
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Bleeping Computer
StripedFly malware framework infects 1 million Windows, Linux hosts
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
DarkReading
Complex Spy Platform StripedFly Bites 1M Victims
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
SecurityWeek
Dozens of Squid Proxy Vulnerabilities Remain Unpatched 2 Years After Disclosure
Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers.
The Hacker News
Microsoft Releases October 2023 Patches for 103 Flaws, Including 2 Active Exploits
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
Cyber Security News
Wireshark 4.0.10 Released: What’s New!
Wireshark has been the most widely used open-source Network protocol analyzing tool for several purposes, including troubleshooting, analysis.
The Hacker News
LUCR-3: Scattered Spider Getting SaaS-y in the Cloud
🚨Beware of LUCR-3 (aka Scattered Spider) – a threat actor targeting Fortune 2000 companies for extortion.
DarkReading
Supply Chain Attackers Escalate With GitHub Dependabot Impersonation
Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.
The Hacker News
Cyber Group 'Gold Melody' Selling Compromised Access to Ransomware Attackers
Gold Melody, the financially motivated cyber group, is selling access to compromised organizations for ransomware attacks.
CSO
Gitlab fixes bug that exploited internal policies to trigger hostile pipelines
It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies.
DarkReading
'Culturestreak' Malware Lurks Inside GitLab Python Package
The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.
SecurityWeek
GitLab Patches Critical Pipeline Execution Vulnerability
GitLab has released security updates to address a critical-severity vulnerability allowing an attacker to run pipelines as another user.
The Hacker News
GitLab Releases Urgent Security Patches for Critical Vulnerability
GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Bleeping Computer
GitLab urges users to install security updates for critical pipeline flaw
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
The Hacker News
Earth Lusca's New SprySOCKS Linux Backdoor Targets Government Entities
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
Trend Micro
Earth Lusca Employs New Linux Backdoor, Uses Cobalt Strike for Lateral Movement
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
The Hacker News
Microsoft Releases Patch for Two New Actively Exploited Zero-Days Flaws
September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws
The Hacker News
Vietnamese Hackers Deploy Python-Based Stealer via Facebook Messenger
Beware of the latest Facebook Messenger phishing attack! Attackers are taking over accounts through malicious attachments.
CSO
Developers have security, other generative AI concerns but use it anyway
A new survey shows widespread awareness among developers of generative AI risks, but adoption for development tasks is increasing.
Cyber Security News
Threat and Vulnerability Roundup for the week of August 27th to September 2nd
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also provide the most latest software upgrades available to keep your devices secure.
Loading more articles....