The Hacker News
Microsoft Patches 61 Flaws, Including Two Actively Exploited Zero-Days
Microsoft has patched 61 new security flaws, including two zero-days actively exploited in the wild.
Infosecurity News
Experts at the RSA Conference discussed how governments, the open-source community and end users can work together to drastically improve the security of open-source software
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
The weekly news summary keeps you up to date with what’s happening in cybersecurity, including developments, vulnerabilities, breaches, threats, and defensive strategies. Knowing about new cyber risks and attack vectors helps you put up safeguards and preventive measures as soon as possible to protect your systems. Remaining constantly aware gives you a holistic view of […]
DarkReading
Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.
Ars Technica
The threat is potentially grave because it could be used in supply chain attacks.
SecurityWeek
Cybersecurity startups Insane Cyber, Resonance Security, RunReveal and StepSecurity announce pre-seed, early-stage, and seed funding rounds.
Cyber Security News
Washington, D.C., May 1, 2024 – The Cybersecurity and Infrastructure Security Agency (CISA) has issued a critical alert concerning a newly
SecurityWeek
CISA says a critical GitLab password reset flaw is being exploited in attacks and roughly 1,400 servers have not been patched.
Security Affairs
CISA adds GitLab Community and Enterprise Editions improper access control vulnerability to its Known Exploited Vulnerabilities catalog.
The Hacker News
A critical flaw (CVE-2023-7028) is being actively exploited, allowing account takeover by sending password reset emails to unverified addresses.
SC Magazine
More than 2,100 servers may still be vulnerable to GitLab password reset exploits.
The Record
Researchers at Bitsight asked whether organizations remediate software and hardware vulnerabilities faster if they're on the federal government's list. The resulting data added up to a resounding "yes."
Bleeping Computer
CISA warned today that attackers are actively exploiting a maximum-severity GitLab vulnerability that allows them to take over accounts via password resets.
Cyber Security News
Welcome to this week's edition of the Cyber Security News Weekly Round-Up. This issue covers the latest vulnerabilities, cyber attacks, and emerging threats that have been making headlines. Stay informed and stay secure!
Cyber Security News
GitLab released security patches 16.11.1, 16.10.4, and 16.9.6 for both Community and Enterprise Editions, and upgrading to these versions is
DarkReading
An utterly innocuous feature in popular Git CDNs allows anyone to conceal malware behind brand names, without those brands being any the wiser.
Bleeping Computer
BleepingComputer recently reported how a GitHub flaw, or possibly a design decision, is being abused by threat actors to distribute malware using URLs associated with Microsoft repositories, making the files appear trustworthy. It turns out, GitLab is also affected by this issue and could be abused in a similar fashion.
Infosecurity News
The breach affecting business analytics provider Sisense could lead to a wide-scale supply chain attack
CyberSecurity Dive
CISA is working with private industry partners to investigate the attack on the data analytics platform with particular concern about the impact on critical infrastructure.
The Record
“I was hoping for a more informative notification message than basically ‘reset your passwords,’” one Sisense customer said.
Krebs on Security
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) said today it is investigating a breach at business intelligence company Sisense, whose products are designed to allow companies to view the status of multiple third-party online services in a single dashboard.…
The Hacker News
Microsoft releases a massive patch for April 2024, fixing a record 149 flaws. Two vulnerabilities are ALREADY under attack.
Security Affairs
Researchers discovered a sophisticated multi-stage attack that leverages ScrubCrypt to drop VenomRAT along with many malicious plugins.
DarkReading
An ongoing cyberattack with ties to China uses a new version of the sophisticated JSOutProx Trojan, now targeting banks in the Middle East.
Cyber Security News
GitLab is a prominent web-based Git repository manager that is exploited by hackers to gain unauthorized access to confidential source code,
Security Affairs
A new round of the weekly Security Affairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
The Hacker News
Financial organizations in APAC & MENA are under attack. A sophisticated threat dubbed JSOutProx combines JavaScript & .NET to infiltrate systems.
Bleeping Computer
Visa is warning about a spike in detections for a new version of the JsOutProx malware targeting financial institutions and their customers.
Infosecurity News
First found in 2019, JSOutProx combines JavaScript and .NET functionalities to infiltrate systems
Security Affairs
Resecurity researchers warn that a new version of JsOutProx is targeting financial institutions in APAC and MENA via GitLab abuse.
SecurityWeek
Twenty-seven cybersecurity-related merger and acquisition (M&A) deals were announced in March 2024, same as in February.
Cyber Security News
This weekly cybersecurity news recap keeps you informed about the latest threats, exposures, mitigation techniques, and emerging malicious tactics that could compromise systems.
Cyber Security News
GitLab has announced the release of updated versions for both its Community Edition (CE) and Enterprise Edition (EE), addressing critical vulnerabilities that could potentially allow attackers to inject malicious scripts and cause denial of service (DoS) attacks.
The Hacker News
Microsoft releases Patch Tuesday updates to patch 61 new vulnerabilities, including privilege escalation flaws in Azure, Windows, & Authenticator.
Cyber Security News
Stay updated with the most recent advancements in the cybersecurity industry with our weekly recap of cybersecurity news.
SecurityWeek
Concluding a two-day OSS security summit, CISA details key actions to help improve open source software security.
Cyber Security News
GitLab has announced the release of updated versions for its CE and Enterprise Edition (EE) platforms, addressing critical vulnerabilities
CSO
Cybersecurity skills gaps, ambiguous data regulation, and a distributed workforce are all adding to increased insider-driven incidents.
The Hacker News
Learn from GitLab's 2017 incident: 300GB of data lost in seconds, but their transparent recovery is a masterclass in accountability.
SecurityWeek
Supply chain security: A successful attack against a supplier can lead to multiple opportunities against the supplier’s downstream customers
The Hacker News
Microsoft's latest Patch Tuesday tackles 73 vulnerabilities, including actively exploited zero-days.
SecurityWeek
Palo Alto Networks ordered to pay $150 million in patent lawsuit, identity solutions firms get big funding, government hacker techniques.
Cyber Security News
According to the reports shared with Cyber Security News, the threat actor begins the infection chain by delivering the USB drives to the victims by any means of social engineering.
Bleeping Computer
A financially motivated threat actor using USB devices for initial infection has been found abusing legitimate online platforms, including GitHub, Vimeo, and Ars Technica, to host encoded payloads embedded in seemingly benign content.
The Hacker News
UNC4990 is using weaponized USB devices as an initial infection method to target organizations in Italy.
Latest Hacking News
Days after releasing a major update, GitLab rolled out another emergency update addressing a serious vulnerability affecting workspace creation. The service urged all users to update to the latest releases at the earliest, assuring that
SC Magazine
CVE-2024-0402, CVSS score 9.9, may affect more than 4,800 unpatched GitLab servers.
Ars Technica
Vimeo also used by legitimate user who posted booby-trapped content.
The Hacker News
Hackers could write ANY file on your GitLab server while creating a workspace. This critical flaw (CVE-2024-0402) affects all versions.
Security Affairs
A new round of the weekly SecurityAffairs newsletter arrived! Every week the best security articles from Security Affairs are free for you.
Cyber Security News
GitLab has released important security fixes for versions 16.7.2, 16.6.4, and 16.5.6 for GitLab Community Edition (CE) and Enterprise Edition (EE).
SecurityWeek
Over 5,000 GitLab servers have yet to be patched against CVE-2023-7028, a critical password reset vulnerability.
SC Magazine
A critical zero-click account takeover exploit affects GitLab Community and Enterprise Editions.
Security Affairs
Thousands of GitLab servers are vulnerable to zero-click account takeover attacks exploiting the flaw CVE-2023-7028.
Bleeping Computer
Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month.
SecurityWeek
The exploited zero-day, tagged as CVE-2024-0519, is described as an out-of-bounds memory access issue in the V8 JavaScript engine.
Latest Hacking News
Heads up, GitLab users! It’s time to upgrade to the latest GitLab versions, as the updates address multiple security flaws, including a zero-click vulnerability. GitLab Disclosed A Serious Zero-Click Flaw Allowing Account Hijacking As disclosed, numerous security
Bleeping Computer
Adblock and Adblock Plus users report performance issues on YouTube, initially blamed on Google but later determined to be an issue in the popular ad-blocking extension.
SecurityWeek
GitLab has resolved a critical authentication vulnerability allowing attackers to hijack password reset emails.
Cyber Security News
Cybersecurity researchers at Recorded Future recently discovered that APT hackers are actively exploiting the GitHub platform.
The Record
Ukrainian authorities and an unspecified U.S. cloud computing provider teamed up to capture a suspect in a $2 million cryptomining operation.
Security Affairs
GitLab addressed 2 critical bugs impacting both the Community and Enterprise Edition, including a critical zero-click account hijacking issue
DarkReading
Two vulnerabilities are critical, and three others are determined to be of high, medium, and low severity.
Bleeping Computer
GitLab has released security updates for both the Community and Enterprise Edition to address two critical vulnerabilities, one of them allowing account hijacking with no user interaction.
The Hacker News
GitLab patches critical vulnerabilities! CVE-2023-7028 scores a perfect 10 on severity.
The Hacker News
Cybercriminals are increasingly using GitHub for malicious activities like payload delivery and command-and-control operations.
Security Affairs
Researchers discovered three malicious packages in the PyPI repository targeting Linux systems with a cryptocurrency miner.
The Hacker News
Beware of hidden dangers in open-source libraries. Three new malicious PyPI packages found deploying cryptocurrency miners.
The Hacker News
Microsoft's final Patch Tuesday of 2023 is here, addressing 33 software flaws. This release includes 4 Critical and 29 Important fixes.
Cyber Security News
A new malicious campaign, Editbot Stealer, has been discovered in which threat actors use WinRAR archives.
The Cyber Express
A new menace has emerged on the dark web: the Editbot stealer. Recently discovered by Cyble Research and Intelligence Labs
The Cyber Express
The ever-accelerating pace of technological advancement shapes our world, forging a double-edged digital landscape. On one hand, it fuels innovation
The Cyber Express
An entity identified as 'dawnofdevil' has reportedly publicized the illicit offering of unauthorized VPN access to Darwinbox Digital Solutions Pvt
SecurityWeek
Aikido Security has raised €5 million (~$5.4 million) in seed funding for an all-in-one application security platform.
The Hacker News
Microsoft has released fixes to address 63 security bugs in its software for the month of November 2023.
The Hacker News
Malicious actors are exploiting Dependabot's trust. Learn how to protect your CI/CD pipelines and software supply chain.
Cyber Security News
Cyber forensic tools play a crucial role in cyber investigations by helping investigators to collect, analyze, and preserve digital evidence.
Trend Micro
We encountered the Cerber ransomware exploiting the Atlassian Confluence vulnerability CVE-2023-22518 in its operations.
The Hacker News
StripedFly, a stealthy malware posing as a crypto miner, has infected over a million devices worldwide and has flown under the radar for 5 years.
SecurityWeek
The StripedFly malware has APT-like capabilities, but remained unnoticed for five years, posing as a cryptocurrency miner.
Bleeping Computer
A sophisticated cross-platform malware platform named StripedFly flew under the radar of cybersecurity researchers for five years, infecting over a million Windows and Linux systems during that time.
DarkReading
Sophisticated Windows and Linux malware for stealing data and conducting cyber espionage has flown under the radar, disguised as a cryptominer.
SecurityWeek
Dozens of Squid caching proxy vulnerabilities remain unpatched two years after a researcher reported them to developers.
The Hacker News
Microsoft's October 2023 Patch Tuesday: 103 new vulnerabilities addressed, including 2 zero-days and 13 critical ones.
Cyber Security News
Wireshark is the most widely used open-source network protocol analyzer, applied to purposes including troubleshooting and traffic analysis.
The Hacker News
🚨Beware of LUCR-3 (aka Scattered Spider) – a threat actor targeting Fortune 2000 companies for extortion.
DarkReading
Armed with stolen developer passcodes, attackers have checked in changes to repositories under the automation feature's name in an attempt to escape notice.
The Hacker News
Gold Melody, the financially motivated cyber group, is selling access to compromised organizations for ransomware attacks.
CSO
It was possible for an attacker to run pipelines as an arbitrary user via scheduled security scan policies.
DarkReading
The GitLab code hijacks computer resources to mine Dero cryptocurrency as part of a larger cryptomining operation.
SecurityWeek
GitLab has released security updates to address a critical-severity vulnerability allowing an attacker to run pipelines as another user.
The Hacker News
GitLab issues patches for CVE-2023-5009, a flaw allowing attackers to run pipelines as other users.
Bleeping Computer
GitLab has released security updates to address a critical severity vulnerability that allows attackers to run pipelines as other users via scheduled security scan policies.
The Hacker News
Earth Lusca, a China-linked group, is using a stealthy Linux backdoor called SprySOCKS to target government entities worldwide.
Trend Micro
While monitoring Earth Lusca, we discovered an intriguing, encrypted file on the threat actor's server — a Linux-based malware, which appears to originate from the open-source Windows backdoor Trochilus, which we've dubbed SprySOCKS due to its swift behavior and SOCKS implementation.
The Hacker News
September 2023 Patch Tuesday — Microsoft addresses 59 bugs, including actively exploited zero-day flaws
The Hacker News
Beware of the latest Facebook Messenger phishing attack! Attackers are taking over accounts through malicious attachments.
CSO
A new survey shows widespread awareness among developers of generative AI risks, but adoption for development tasks is increasing.
Cyber Security News
The latest attack techniques, significant weaknesses, and exploits have all been highlighted. We also cover the latest software upgrades available to keep your devices secure.