GitLab Patches Critical Account Takeover Vulnerability
DevOps platform GitLab has reset the passwords of some user accounts, after addressing a critical account takeover vulnerability. According to the company, in GitLab Community Edition (CE) and Enterprise Edition (EE) versions prior to 14.7.7, 14.8.5, and 14.9.2, a hardcoded password was set when the account was registered using an OmniAuth provider. The critical-severity bug, which is tracked as CVE-2022-1162 (CVSS score of 9.1), could allow attackers to take over accounts. READ MORE...
Trend Micro fixes actively exploited remote code execution bug
Japanese cybersecurity software firm Trend Micro has patched a high severity security flaw in the Apex Central product management console that can let attackers execute arbitrary code remotely. Apex Central is a web-based management console that helps system admins manage Trend Micro products and services (including antivirus and content security products and services) throughout the network. READ MORE...
New Borat remote access malware is no laughing matter
A new remote access trojan (RAT) named Borat has appeared on darknet markets, offering easy-to-use features to conduct DDoS attacks, UAC bypass, and ransomware deployment. As a RAT, Borat enables remote threat actors to take complete control of their victim's mouse and keyboard, access files, network points, and hide any signs of their presence. The malware lets its operators choose their compilation options to create small payloads that feature precisely what they need for highly tailored attacks. READ MORE...
Hive ransomware impacts California non-profit health organisation
Ransomware authors are once again targeting health services, holding important files to ransom and impacting potentially vital services. On this occasion, the victims are a non-profit organisation assisting people with their healthcare needs in California. The victim, Partnership HealthPlan of California, has apparently been struggling since at least March 24 with this outbreak of Hive ransomware. Hive ransomware has been around since June 2021, and is a typical targeted ransomware-as-a-service (RaaS). READ MORE...
Trezor wallets hacked? Don't be duped by phishing attack email
Owners of hardware Trezor cryptocurrency wallets should be on their guard after an email was sent out by thieves attempting to dupe them into downloading new software to their devices. The emails claim that Trezor, which has been making physical USB-connected devices to protect the cryptocurrency and tokens of users since 2014, "experienced a security incident" yesterday that breached the data of 106,856 of its customers. READ MORE...
Explaining Spring4Shell: The Internet security disaster that wasn't
Hype and hyperbole were on full display this week as the security world reacted to reports of yet another Log4Shell. The vulnerability came to light in December and is arguably one of the gravest Internet threats in years. Christened Spring4Shell-the new code-execution bug is in the widely used Spring Java framework-the threat quickly set the security world on fire as researchers scrambled to assess its severity. READ MORE...
- ...in 1841, President William Henry Harrison dies after being in office for only one month.
- ...in 1917, The U.S. Senate votes 90-6 to enter World War I on the Allied side.
- ...in 1968, civil rights leader Dr. Martin Luther King Jr. is fatally shot by an assassin outside of the Lorraine Motel in Memphis, TN.
- ...in 1974, Atlanta Braves right fielder Hank Aaron ties Babe Ruth's home-run record (714), in a game against the Cincinnati Reds.
