October 19, 2024 at 10:33AM A Google Scholar profile for Sir Isaac Newton, listing him as a “Professor of Physics” at MIT, has sparked curiosity due to its “verified” email note. However, this verification only confirms email, not identity, and could have been created by anyone affiliated with MIT, causing confusion among users. ### Meeting … Read more
August 2, 2024 at 10:06AM Cybersecurity news roundup by SecurityWeek covers significant stories this week: attackers bypassing Google’s Workspace email verification, European Central Bank conducting a cyber resilience test, privacy and security risks in location-based dating apps, Meta’s PromptGuard bypassed, Armexa’s Industrial Resiliency Integrated Solution launch, CISA and FBI’s note on DDoS attacks and election … Read more
January 15, 2024 at 07:07AM A vulnerability in GitLab’s email verification process (CVE-2023-7028, CVSS score 10) allows attackers to hijack the password reset process by sending reset messages to unverified email addresses. This affects GitLab CE/EE versions 16.1 to 16.7.1, with patches released in versions 16.5.6, 16.6.4, and 16.7.2. Users are advised to update instances … Read more
January 12, 2024 at 10:42PM GitLab released security updates to address two critical vulnerabilities, CVE-2023-7028 and CVE-2023-5356. CVE-2023-7028 allows account takeover without user interaction, affecting versions 16.1 to 16.7. CVE-2023-5356 enables execution of slash commands as another user through Slack/Mattermost integrations. Users are advised to upgrade instances and enable 2FA for elevated privileges. Key takeaways … Read more