The vulnerability impacts all GitLab CE/EE versions from 15.8 to 16.11.6, 17.0 to 17.0.4, and 17.1 to 17.1.2. Under certain circumstances that GitLab has yet to disclose, attackers can exploit it to trigger a new pipeline as an arbitrary user.
Researchers have identified the developer of a malicious remote access tool used in attacks on Russian organizations. Known as Mr. Burns, the developer has been active in darknet forums since 2010, creating harmful versions of popular tools.
Security researchers have found a critical vulnerability, CVE-2024-38021, impacting Microsoft Outlook. This zero-click remote code execution flaw, now fixed by Microsoft, allowed unauthorized access without authentication.
Warnings have been issued in India regarding a rise in fraudulent smishing attacks, with scammers impersonating India Post to deceive people into giving personal information or clicking on malicious links.
Campaigns distributing DarkGate malware use various methods like email attachments and malicious ads. A campaign in March-April 2024 used Samba file shares hosting malicious files for DarkGate infections.
A recent Next DLP poll revealed that 73% of cybersecurity professionals used unauthorized apps, including AI, last year. Top concerns were data loss, lack of control, and breaches, with 10% admitting to a breach due to these tools.
The Department of Justice investigated around 1,000 accounts on social media platform X, previously Twitter, which were used by the Kremlin to spread pro-Moscow propaganda created by the AI-driven Meliorator software.
Phishing messages impersonating the Regional Transport Office have been circulating since 2024, claiming traffic violations and prompting users to download a malicious APK named “VAHAN PARIVAHAN.apk”.
Research shows that 75% of CISOs are considering a job change due to various challenges and pressures. CISOs often face accountability for cyber incidents and compliance failures, leading to discontent.
QuoIntelligence discovered the operation called Ticket Heist, with convincing websites selling fake Olympic tickets. The prices on these websites are much higher than the official ones.