Security News

GitLab security update fixes critical account take over flaw
2022-06-03 13:55

GitLab has released a critical security update for multiple versions of its Community and Enterprise Edition products to address eight vulnerabilities, one of which allows account takeover. Getting control over a GitLab account comes with severe consequences as hackers could gain access to developers' projects and steal source code.

GitLab Issues Security Patch for Critical Account Takeover Vulnerability
2022-06-03 08:01

GitLab has moved to address a critical security flaw in its service that, if successfully exploited, could result in an account takeover. The security flaw affects all versions of GitLab Enterprise Edition starting from 11.10 before 14.9.5, all versions starting from 14.10 before 14.10.4, and all versions starting from 15.0 before 15.0.1.

40% of enterprises don’t include business-critical systems in their cybersecurity monitoring
2022-06-03 03:30

The poll was targeted at cybersecurity and IT professionals in both the U.S. and UK. The poll revealed the extent of insecure and unmonitored business-critical systems, with 40 per cent noting that they do not include business-critical systems such as SAP in their cybersecurity monitoring.

Hackers Exploiting Unpatched Critical Atlassian Confluence Zero-Day Vulnerability
2022-06-03 02:27

Atlassian has warned of a critical unpatched remote code execution vulnerability impacting Confluence Server and Data Center products that it said is being actively exploited in the wild. "Atlassian has been made aware of current active exploitation of a critical severity unauthenticated remote code execution vulnerability in Confluence Data Center and Server," it said in an advisory.

Critical Atlassian Confluence zero-day actively used in attacks
2022-06-03 01:41

Hackers are actively exploiting a new Atlassian Confluence zero-day vulnerability tracked as CVE-2022-26134 to install web shells, with no fix available at this time. Today, Atlassian released a security advisory disclosing that CVE-2022-26134 is a critical unauthenticated, remote code execution vulnerability tracked in both Confluence Server and Data Center.

Critical flaw found inside the UNISOC smartphone chip
2022-06-02 10:00

Check Point Research has identified what it is calling a critical security vulnerability in UNISOC's smartphone chip, which is responsible for cellular communication in 11% of the world's smartphones.

That critical vulnerability might not be the first you should patch
2022-05-30 12:16

Enterprise security teams being overrun by the rising numbers of vulnerabilities uncovered each day could vastly reduce their patching workload by changing how they prioritize the flaws, according to recent research from vulnerability startup Rezilion. Companies will start their remediation efforts with the vulnerabilities deemed "Critical" and work their way down, said Yotam Perkal, director of vulnerability research with Rezilion.

EnemyBot malware adds exploits for critical VMware, F5 BIG-IP flaws
2022-05-29 16:39

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. The botnet was first discovered in March by researchers at Securonix and by April, when analysis of newer samples emerged from Fortinet, EnemyBot had already integrated flaws for more than a dozen processor architectures.

EnemyBot malware adds exploits for critical bugs in VMware, F5 BIG-IP
2022-05-29 16:39

EnemyBot, a botnet based on code from multiple malware pieces, is expanding its reach by quickly adding exploits for recently disclosed critical vulnerabilities in web servers, content management systems, IoT, and Android devices. Its main purpose is launching distributed denial-of-service attacks and the malware also has modules to scan for new target devices and infect them.

Microsoft Finds Critical Bugs in Pre-Installed Apps on Millions of Android Devices
2022-05-28 01:37

Four high severity vulnerabilities have been disclosed in a framework used by pre-installed Android System apps with millions of downloads. "As it is with many of pre-installed or default applications that most Android devices come with these days, some of the affected apps cannot be fully uninstalled or disabled without gaining root access to the device," the Microsoft 365 Defender Research Team said in a report published Friday.