The latest GitLab update resolves eight vulnerabilities, including critical- and high-severity pipeline execution flaws.
The post GitLab Patches Pipeline Execution, SSRF, XSS Vulnerabilities appeared first on SecurityWeek.
OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks
OpenAI has disrupted 20 cyber and influence operations this year, including the activities of Iranian and Chinese state-sponsored hackers.
The post OpenAI Says Iranian Hackers Used ChatGPT to Plan ICS Attacks appeared first on SecurityWeek.
CISA Warns of Threat Actors Exploiting F5 BIG-IP Cookies for Network Reconnaissance
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) is warning that it has observed threat actors leveraging unencrypted persistent cookies managed by the F5 BIG-IP Local Traffic Manager (LTM) module to conduct reconnaissance of target networks.
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who
It said the module is being used to enumerate other non-internet-facing devices on the network. The agency, however, did not disclose who
New Critical GitLab Vulnerability Could Allow Arbitrary CI/CD Pipeline Execution
GitLab has released security updates for Community Edition (CE) and Enterprise Edition (EE) to address eight security flaws, including a critical bug that could allow running Continuous Integration and Continuous Delivery (CI/CD) pipelines on arbitrary branches.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.
Tracked as CVE-2024-9164, the vulnerability carries a CVSS score of 9.6 out of 10.
“An issue was discovered in GitLab EE
Bohemia and Cannabia Dark Web Markets Taken Down After Joint Police Operation
The Dutch police have announced the takedown of Bohemia and Cannabia, which has been described as the world’s largest and longest-running dark web market for illegal goods, drugs, and cybercrime services.
The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.
The marketplace
The takedown is the result of a collaborative investigation with Ireland, the United Kingdom, and the United States that began towards the end of 2022, the Politie said.
The marketplace
American Water Bringing Systems Back Online After Cyberattack
American Water is reconnecting and reactivating the systems that were taken offline earlier this week due to a cybersecurity incident.
The post American Water Bringing Systems Back Online After Cyberattack appeared first on SecurityWeek.
Ukraine arrests rogue VPN operator providing access to Runet
Ukraine’s cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet). […]
Akira and Fog ransomware now exploit critical Veeam RCE flaw
Ransomware gangs now exploit a critical security vulnerability that lets attackers gain remote code execution (RCE) on vulnerable Veeam Backup & Replication (VBR) servers. […]
Looking at Security Challenges Through the Lens of Different Roles
What are CISOs and security leaders prioritizing versus the security operators?
The post Looking at Security Challenges Through the Lens of Different Roles appeared first on SecurityWeek.
Marriott settles with FTC, to pay $52 million over data breaches
Marriott International and its subsidiary Starwood Hotels will pay $52 million and create a comprehensive information security program as part of settlements for data breaches that impacted over 344 million customers. […]