Federal frenzy to patch gaping GitLab account takeover hole

May 2, 2024 at 10:25AM CISA is mandating federal agencies to patch a critical vulnerability in GitLab to prevent active exploitation by attackers. The vulnerability, CVE-2023-7028, allows unauthorized account takeovers and poses a risk of software supply chain attacks. GitLab has released fixed versions, and those with two-factor authentication are safe. Currently, around 2,149 GitLab … Read more

Verizon DBIR 2024 Shows Surge in Vulnerability Exploitation, Confirmed Data Breaches

May 2, 2024 at 10:03AM Verizon’s 2024 Data Breach Investigations Report reveals a doubling of security incidents and confirmed breaches compared to the previous year. The exploitation of vulnerabilities as an initial breach point has surged by 180%, partly due to MOVEit and zero-day attacks. Additionally, the report emphasizes the need for faster response to … Read more

CISA Warns of Active Exploitation of Severe GitLab Password Reset Vulnerability

May 2, 2024 at 02:54AM The U.S. Cybersecurity and Infrastructure Security Agency has added a critical flaw in GitLab to its Known Exploited Vulnerabilities catalog due to active exploitation. Tracked as CVE-2023-7028, the vulnerability could facilitate account takeover and has been addressed in several GitLab versions. Federal agencies are required to apply the latest fixes … Read more

CISA says GitLab account takeover bug is actively exploited in attacks

May 1, 2024 at 12:33PM CISA warns of active exploitation of a critical GitLab vulnerability (CVE-2023-7028), allowing attackers to hijack accounts via password resets, potentially leading to supply chain attacks. While 2FA-protected accounts are safe, unpatched systems are at risk. GitLab has released fixes, and CISA urges prompt patching, especially for federal agencies and private … Read more

Verizon DBIR: Basic Security Gaffes Underpin Bumper Crop of Breaches

May 1, 2024 at 12:02AM The 2024 Data Breach Investigations Report by Verizon Business reveals that 14% of data breaches in 2023 stemmed from security bugs, demonstrating a 180% increase in exploitation. The MOVEit software breach contributed significantly to this trend, impacting various industries. The report emphasizes the urgent need for organizations to strengthen their … Read more

Delta Electronics CNCSoft-G2 DOPSoft DPAX

April 30, 2024 at 10:47AM Summary: The vulnerability report concerns Delta Electronics’ CNCSoft-G2 software, where a stack-based buffer overflow could lead to arbitrary code execution. Versions 2.0.0.5 and prior are affected. The report includes mitigation measures, a risk evaluation, affected products, technical details, and background information. CVE-2024-4192 has been assigned to this vulnerability. From the … Read more

Vulnerability in R Programming Language Could Fuel Supply Chain Attacks

April 30, 2024 at 10:16AM AI security firm HiddenLayer warns that a vulnerability in the R programming language implementation (CVE-2024-27322, CVSS score 8.8) can be exploited by loading a malicious RDS file, allowing arbitrary code execution. This poses a risk of supply chain attacks, particularly within the R community. Patches for this vulnerability have been … Read more

Over 1,400 CrushFTP Instances Vulnerable to Exploited Zero-Day

April 26, 2024 at 10:18AM Over 1,400 vulnerable CrushFTP instances are at risk due to a critical server-side template injection bug (CVE-2024-4040). Attackers can escape the virtual file system (VFS) sandbox, gain admin privileges, and execute code. CrushFTP urges immediate upgrades, warning of an exploited vulnerability with potential for data exfiltration. Difficulty in detecting exploitation adds … Read more

Over 1,400 CrushFTP servers vulnerable to actively exploited bug

April 25, 2024 at 12:50PM Over 1,400 vulnerable CrushFTP servers exposed online are currently targeted by attacks exploiting a critical SSTI vulnerability (CVE-2024-4040), allowing unauthenticated attackers to gain remote code execution. The severity of the flaw was confirmed by Rapid7, with 1,401 unpatched instances discovered. Active exploitation of the zero-day was reported, prompting urgent patching … Read more

WP Automatic WordPress plugin hit by millions of SQL injection attacks

April 25, 2024 at 10:29AM Hackers are targeting the WP Automatic plugin for WordPress, exploiting the CVE-2024-27956 vulnerability. The issue allows the creation of admin accounts and backdoors. Over 5.5 million attack attempts have been recorded, prompting the recommendation to update to version 3.92.1 and frequently back up websites to mitigate the risk. After reviewing the meeting … Read more