Security News

OpenJS Foundation Targeted in Potential JavaScript Project Takeover Attempt
2024-04-16 15:16

Security researchers have uncovered a "credible" takeover attempt targeting the OpenJS Foundation in a manner that evokes similarities to the recently uncovered incident aimed at the open-source...

New open-source project takeover attacks spotted, stymied
2024-04-16 13:07

"The OpenJS Foundation Cross Project Council received a suspicious series of emails with similar messages, bearing different names and overlapping GitHub-associated emails," OpenJS Foundation and Open Source Security Foundation leaders shared on Monday. "These emails implored OpenJS to take action to update one of its popular JavaScript projects to 'address any critical vulnerabilities,' yet cited no specifics. The email author(s) wanted OpenJS to designate them as a new maintainer of the project despite having little prior involvement."

Third-Party ChatGPT Plugins Could Lead to Account Takeovers
2024-03-15 11:34

Cybersecurity researchers have found that third-party plugins available for OpenAI ChatGPT could act as a new attack surface for threat actors looking to gain unauthorized access to sensitive...

Researchers Detail Kubernetes Vulnerability That Enables Windows Node Takeover
2024-03-14 11:59

Details have been made public about a now-patched high-severity flaw in Kubernetes that could allow a malicious attacker to achieve remote code execution with elevated privileges under specific...

We're not Meta support: State AGs tell Zuck to fix rampant account takeover problem
2024-03-07 21:45

A group of 41 US state attorneys general, tired of serving as a customer complaint clearinghouse for Facebook and Instagram users, have sent a letter to Meta asking it to figure out how to reduce a "Dramatic and persistent spike" in account takeovers. In a letter [PDF] dated March 5, the AGs said their offices have received skyrocketing complaints from Facebook and Instagram users about account takeovers and lockouts since 2022.

Critical JetBrains TeamCity On-Premises Flaws Could Lead to Server Takeovers
2024-03-05 03:34

A new pair of security vulnerabilities have been disclosed in JetBrains TeamCity On-Premises software that could be exploited by a threat actor to take control of affected systems. The flaws,...

Critical JetBrains TeamCity On-Premises Flaw Exposes Servers to Takeover - Patch Now
2024-02-07 05:05

JetBrains is alerting customers of a critical security flaw in its TeamCity On-Premises continuous integration and continuous deployment (CI/CD) software that could be exploited by threat actors...

Lagging Mastodon admins urged to patch critical account takeover flaw (CVE-2024-23832)
2024-02-06 09:54

Five days after Mastodon developers pushed out fixes for a remotely exploitable account takeover vulnerability, over 66% of Mastodon servers out there have been upgraded to close the hole. Mastodon is open-source software for running self-hosted social networking services within the wider Fediverse.

Over 5,300 GitLab servers exposed to zero-click account takeover attacks
2024-01-24 17:55

Over 5,300 internet-exposed GitLab instances are vulnerable to CVE-2023-7028, a zero-click account takeover flaw GitLab warned about earlier this month. The critical flaw allows attackers to send password reset emails for a targeted account to an attacker-controlled email address, allowing the threat actor to change the password and take over the account.

New method to safeguard against mobile account takeovers
2024-01-22 10:54

Computer science researchers have developed a new way to identify security weaknesses that leave people vulnerable to account takeover attacks, where an attacker gains unauthorized access to online accounts. Dr Luca Arnaboldi from Birmingham's School of Computer Science worked with Professor David Aspinall from the University of Edinburgh, Dr Christina Kolb from the University of Twente, and Dr Sasa Radomirovic from the University of Surrey to define a way of cataloging security vulnerabilities and modeling account takeover attacks, by reducing them their constituent building blocks.