Security News, April 2020

A critical GitLab vulnerability, which could be leveraged by a remote attacker to execute code, recently netted a researcher a $20,000 bug-bounty award. The flaw was reported to GitLab by software developer William Bowling via the HackerOne bug bounty platform on March 23.

In working with Safeguard Cyber, we've always utilized it for digital risk monitoring, more so in the regulatory space, but with the industry and the rapidly evolving nature of what's going on within the mortgage industry, as well as COVID-19. Karen Roby: Jim, how can they best arm their employees to make sure they're not opening the company up to a massive risk?

Businesses need to be aware of the dangers associated with employees using WhatsApp, WeChat, and other communication channels.

The Android ecosystem continues to become more fragmented: several Android versions are supported at the same time, and unsupported end-of-life versions continue to be widely used. Only 30% of the observed devices were running Android 9 or newer in 2019, 40% were running Android 8, and 30% were running Android 7.

IT security is one of the most important tasks a business deals with on a daily basis, and as a business grows, it's critical to reevaluate how the company's security operations center is performing. These are some of the trends and recommendations made by the Cyber Resilience Think Tank, an independent group of industry security leaders, in a new nine-page report, "Transforming the SOC: Building Tomorrow's Security Operations, Today." Published via the email and data security vendor Mimecast, the report lays out strategies and questions that should be asked as organizations of any size work to create or update their SOC procedures and protections.

WireGuard has yet to arrive in the Linux kernel, but you can still start testing how this new feature will work.

A new report compiling information from PrivacyRights.org on data breaches in the United States found that California has had the highest number of documents lost during attacks since 2005. Using data on the total number of records lost per breach from 2005 to 2019, email marketing company Omnisend compiled a study ranking US states and companies.

A researcher has earned $20,000 from GitLab after reporting a critical vulnerability that could have been exploited to obtain sensitive information from a server and to execute arbitrary code. The vulnerability was discovered in March by William Bowling, who noticed that an attacker could obtain arbitrary files from a server when moving an issue from one GitLab project to another.

A group of nearly 175 UK academics has criticised the NHS's planned COVID-19 contact-tracing app for a design choice they say could endanger users by creating a centralised store of sensitive health and travel data about them. The app will emit an electronic ID from your phone and receive the IDs of other phones with the app installed.

Google Project Zero security researchers have discovered multiple vulnerabilities in ImageIO, the image parsing API used by Apple's iOS and macOS operating systems. The bugs in image parsing code, some of which impact open source image libraries and not the ImageIO framework itself, can be triggered through popular messenger applications by sending specially crafted image files to the targeted user.