October 9, 2024 at 05:06PM GitHub and GitLab are increasingly targeted for malicious activities, including a malware campaign using legitimate GitHub repositories and an exploit allowing unauthorized access to users in GitLab. Attackers leverage the platforms’ trusted reputations to deploy malware, highlighting significant security risks for organizations using these collaborative tools. ### Meeting Takeaways: 1. … Read more
June 28, 2024 at 04:52PM A critical GitLab vulnerability (CVE-2024-5655) allows an attacker to run a pipeline as another user. This affects versions 15.8 to 16.11.5 and 17.0 to 17.1.1. The updates address 14 security issues, with one critical, 9 medium, and 3 high severity. Exploiting this vulnerability poses a compliance risk and potential revenue … Read more
May 2, 2024 at 08:09AM GitLab’s email verification vulnerability, tracked as CVE-2023-7028 and with a severity score of 10/10, allowed for password hijacking. GitLab has patched this issue in versions 16.5.6, 16.6.4, and 16.7.2. CISA warns of active exploitation and federal agencies must address vulnerable instances by May 22 under BOD 22-01. All organizations should … Read more
March 7, 2024 at 03:33AM Threat actors are using Facebook messages to distribute the Python-based information stealer called Snake, aiming to capture sensitive data like credentials and cookies. The malware is designed to transmit harvested credentials to platforms like Discord, GitHub, and Telegram. It also targets Vietnamese users and reflects a concerning rise in account … Read more