Security News > 2024 > January > Week in review: GitLab account takeover flaw, attackers exploiting Ivanti Connect Secure zero-days
Social engineer reveals effective tricks for real-world intrusionsIn this Help Net Security interview, Jayson E. Street, Chief Adversarial Officer at Secure Yeti, discusses intriguing aspects of social engineering and unconventional methods for gathering target information.
Understanding zero-trust design philosophy and principlesIn this Help Net Security interview, Phil Vachon, Head of Infrastructure in the Office of the CTO at Bloomberg, discusses the varying definitions of zero trust among security professionals and companies, emphasizing its broad design philosophy.
Critical GitLab flaw allows account takeover without user interaction, patch quickly!A critical vulnerability in GitLab CE/EE can be easily exploited by attackers to reset GitLab user account passwords.
SEC's X account hacked to post fake news of Bitcoin ETF approvalSomeone has hijacked the X account of the US Securities and Exchange Commission, and posted an announcement saying the agency has decided to allow the listing of Bitcoin ETFs on registered national security exchanges.
Ivanti Connect Secure zero-days exploited by attackersTwo zero-day vulnerabilities in Ivanti Connect Secure VPN devices are under active exploitation by unknown attackers, Volexity researchers have discovered.
The power of basics in 2024's cybersecurity strategiesIn this Help Net Security video, Nick Carroll, Cyber Incident Response Manager at Raytheon, discusses how while organizations will be challenged to strengthen their defenses faster than cyber threats are evolving, this 'come from behind' rush to keep pace with attackers can often lead to the harmful practice of organizations skipping the foundational basics of cyber defense and failing to establish a general sense of cyber awareness within the business.