Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns

Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more.

Follow Dark Reading:

May 06, 2024

LATEST SECURITY NEWS & COMMENTARY Critical GitLab Bug Under Exploit Enables Account Takeover, CISA Warns Patch now: Cyberattackers are exploiting CVE-2023-7028 (CVSS 10) to take over and lock users out of GitLab accounts, steal source code, and more. CISO Corner: Verizon DBIR Lessons; Workplace Microaggression; Shadow APIs Our collection of the most relevant reporting and industry perspectives for those guiding cybersecurity strategies and focused on SecOps. Also included: a Tech Tip on setting up DMARC, a DNS mystery from Muddling Meerkat, and a cybersecurity checklist for M&A transitions. GAO: NASA Faces 'Inconsistent' Cybersecurity Across Spacecraft The space agency needs to implement stricter policies and standards when it comes to its cybersecurity practices, but doing so the wrong way would put machinery at risk, a federal review found. Paris Olympics Cybersecurity at Risk via Attack Surface Gaps Though Olympics officials appear to have better secured their digital footprint than other major sporting events have, significant risks remain for the Paris Games. Innovation, Not Regulation, Will Protect Corporations From Deepfakes If CEOs want to prevent their firm from being the next victim of a high-profile deepfake scam, they need to double cybersecurity funding immediately. REvil Affiliate Off to Jail for Multimillion-Dollar Ransomware Scheme Charges against the ransomware gang member included damage to computers, conspiracy to commit fraud, and conspiracy to commit money laundering. (Sponsored Article) Reduce Cloud Risks With CSPM and CNAPP Cloud-native application protection platform and cloud security posture management can help minimize cloud errors through attack path analysis. MORE NEWS / MORE COMMENTARY HOT TOPICS UnitedHealth Congressional Testimony Reveals Rampant Security Fails The breach was carried out with stolen Citrix credentials for an account that lacked multifactor authentication. Attackers went undetected for days, and Change Healthcare's backup strategy failed. The 6 Data Security Sessions You Shouldn't Miss at RSAC 2024 Themed "The Art of Possible," this year's conference celebrates new challenges and opportunities in the age of AI. Safeguarding Your Mobile Workforce Establishing a robust BYOD security strategy is imperative for organizations aiming to leverage the benefits of a mobile-first workforce while mitigating associated risks. Microsoft Graph API Emerges as a Top Attacker Tool to Plot Data Theft Weaponizing Microsoft's own services for command-and-control is simple and costless, and it helps attackers better avoid detection. MORE PRODUCTS & RELEASES Palo Alto Networks Delivers Comprehensive SASE Capabilities Dazz Unveils AI-Powered Automated Remediation for Application Security Posture Management Permira to Acquire Majority Position in BioCatch at $1.3B Valuation MORE PRODUCTS & RELEASES EDITORS' CHOICE Dropbox Breach Exposes Customer Credentials, Authentication Data Threat actor dropped in to Dropbox Sign production environment and accessed emails, passwords, and other PII, along with APIs, OAuth, and MFA info. LATEST FROM THE EDGE Intel Harnesses Hackathons to Tackle Hardware Vulnerabilities The semiconductor manufacturing giant's security team describes how hardware hackathons, such as Hack@DAC, have helped chip security by finding and sharing hardware vulnerabilities. LATEST FROM DR TECHNOLOGY Anetac Targets Service Account Security The new startup's identity and access management platform uncovers poorly monitored service accounts and secures them from abuse. LATEST FROM DR GLOBAL Amnesty International Cites Indonesia as a Spyware Hub The growing amount of surveillance technology being deployed in the country is concerning due to Indonesia's increasing blows to citizens' civil rights. WEBINARS Is AI Identifying Threats to Your Network? Safeguarding Political Campaigns: Defending Against Mass Phishing Attacks View More Dark Reading Webinars >> WHITE PAPERS Elastic named a Leader in The Forrester Wave™: Security Analytics Platforms, Q4 2022 A Short Primer on Container Scanning ESG E-Book: Taking a Holistic Approach to Securing Cloud-Native Application Development Cisco Panoptica for Simplified Cloud-Native Application Security A Short Primer on Container Scanning Understanding Today's Threat Actors Use the 2023 MITRE ATT&CK Evaluation Results for Turla to Inform EDR Buying Decisions View More White Papers >> FEATURED REPORTS 2023 Global Threat Report EMA: AI at your fingertips: How Elastic AI Assistant simplifies cybersecurity How Enterprises Assess Their Cyber-Risk View More Dark Reading Reports >>

Dark Reading Daily -- Published By Dark Reading Informa Tech Holdings LLC | Registered in the United States with number 7418737 | 605 Third Ave., 22nd Floor, New York, New York 10158, USA To opt-out of any future Dark Reading Daily Newsletter emails, please respond here. Thoughts about this newsletter? Give us feedback. Keep This Newsletter Out Of Your SPAM Folder Don't let future editions go missing. Take a moment to add the newsletter's address to your anti-spam white list: If you're not sure how to do that, ask your administrator or ISP. Or check your anti-spam utility's documentation. We take your privacy very seriously. Please review our Privacy Statement.

© 2024 | Informa Tech | Privacy Statement | Terms & Conditions | Contact Us