Recent Security News
-
GitLab warns of critical zero-click account hijacking vulnerability
January 12, 2024 at 02:47PM GitLab has released security updates to address critical vulnerabilities in its Community and Enterprise Edition, including an authentication flaw (CVE-2023-7028) allowing account hijacking and a vulnerability (CVE-2023-5356) enabling the abuse of Slack/Mattermost integrations. The flaws were addressed in GitLab versions 16.7.2, 16.5.6, and 16.6.4, with backported fixes available. For official…
-
Secret multimillion-dollar cryptojacker snared by Ukrainian police
January 12, 2024 at 01:04PM Europol-led investigation results in the arrest of a 29-year-old in Ukraine, suspected of orchestrating a multi-million-dollar cryptojacking scheme. The suspect exploited cloud environments to mine over $2 million worth of cryptocurrencies. Despite the involvement of a cloud provider and law enforcement, the identity of the individual remains under judicial secrecy.…
-
Juniper warns of critical RCE bug in its firewalls and switches
January 12, 2024 at 12:40PM Juniper Networks has addressed a critical pre-auth remote code execution vulnerability affecting SRX Series firewalls and EX Series switches, tracked as CVE-2024-21591. Vulnerable Junos OS versions are listed, and admins are urged to apply security updates or disable the J-Web interface. CISA also warned of a previous exploit on Juniper…
-
Brad Arkin is New Chief Trust Officer at Salesforce
January 12, 2024 at 11:41AM Veteran cybersecurity executive Brad Arkin has made the move from Cisco to Salesforce, assuming the role of Chief Trust Officer. With a background in security leadership at companies like Adobe, Arkin is expected to bolster confidence in Salesforce’s handling of customer data in an AI-first world, following the departure of…
-
Ivanti Connect Secure zero-days exploited to deploy custom malware
January 12, 2024 at 10:36AM Hackers have been exploiting two zero-day vulnerabilities in Ivanti Connect Secure since early December, deploying multiple malware families for espionage. The vulnerabilities, CVE-2023-46805 and CVE-2024-21887, bypass authentication and inject arbitrary commands. Attackers targeted a small number of Ivanti customers. The threat actor, tracked as UNC5221, used various custom malware and…