GitLab Updates Fix Static Password Flaw
GitLab has released updates for GitLab Community Edition (CE) and Enterprise Edition (EE) software to address 17 vulnerabilities. The updates include a fix for a critical flaw that arose from…
The Payment Card Industry Security Standards Council (PCI SSC) has updated the PCI Data Security Standard (DSS) to version 4.0. Changes include “expansion of Requirement 8 to implement multi-factor authentication…
GitHub has added an option to GitHub Advanced Security that scans for secrets before accepting code pushes. The new feature works with 69 token types. More detail: https://github.blog/2022-04-04-push-protection-github-advanced-security/
Microsoft is adding a Vulnerable Driver Blocklist to Windows Defender on Windows 10, Windows 11, and Windows Server 2016 or newer. The blocklist will comprise information from Microsoft and from…
Sophos has released an update to address a critical authentication bypass vulnerability in its Firewall products. The flaw exists in the User Portal and Webadmin of the Sophos Firewall, and…
CISA has added 66 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber…
Google has issued an emergency security update for all Chrome users as it confirms that attackers are already exploiting a high severity zero-day vulnerability. The emergency update to version 99.0.4844.84 of…
A Chinese-speaking threat actor called Scarab has been linked to a custom backdoor dubbed HeaderTip as part of a campaign targeting Ukraine since Russia embarked on an invasion last month,…
ESET Research uncovers a sophisticated scheme that distributes trojanized Android and iOS apps posing as popular cryptocurrency wallets. More: https://www.welivesecurity.com/2022/03/24/crypto-malware-patched-wallets-targeting-android-ios-devices/
Researcher Jose Bertin has identified critical security vulnerabilities in a building controller made by Russian firm Tekon Avtomatika (Tekon.ru). Read more: https://www.hackread.com/100-russian-building-controllers-can-be-remotely-hacked/