Recent Security News
-
CISA: Critical Microsoft SharePoint bug now actively exploited
January 12, 2024 at 02:47PM CISA warned of active exploitation of critical Microsoft SharePoint vulnerabilities, including CVE-2023-29357, which allows attackers to gain admin privileges using spoofed JWT tokens. When chained with another bug, remote code execution is possible. These exploits have gained attention after a successful demo at the Pwn2Own contest, leading to the release…
-
GitLab warns of critical zero-click account hijacking vulnerability
January 12, 2024 at 02:47PM GitLab has released security updates to address critical vulnerabilities in its Community and Enterprise Edition, including an authentication flaw (CVE-2023-7028) allowing account hijacking and a vulnerability (CVE-2023-5356) enabling the abuse of Slack/Mattermost integrations. The flaws were addressed in GitLab versions 16.7.2, 16.5.6, and 16.6.4, with backported fixes available. For official…
-
Secret multimillion-dollar cryptojacker snared by Ukrainian police
January 12, 2024 at 01:04PM Europol-led investigation results in the arrest of a 29-year-old in Ukraine, suspected of orchestrating a multi-million-dollar cryptojacking scheme. The suspect exploited cloud environments to mine over $2 million worth of cryptocurrencies. Despite the involvement of a cloud provider and law enforcement, the identity of the individual remains under judicial secrecy.…
-
Juniper warns of critical RCE bug in its firewalls and switches
January 12, 2024 at 12:40PM Juniper Networks has addressed a critical pre-auth remote code execution vulnerability affecting SRX Series firewalls and EX Series switches, tracked as CVE-2024-21591. Vulnerable Junos OS versions are listed, and admins are urged to apply security updates or disable the J-Web interface. CISA also warned of a previous exploit on Juniper…
-
Brad Arkin is New Chief Trust Officer at Salesforce
January 12, 2024 at 11:41AM Veteran cybersecurity executive Brad Arkin has made the move from Cisco to Salesforce, assuming the role of Chief Trust Officer. With a background in security leadership at companies like Adobe, Arkin is expected to bolster confidence in Salesforce’s handling of customer data in an AI-first world, following the departure of…